Firefox is must be configured to prevent JavaScript from disable or replace context menus.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-15986	DTBF183	SV-66005r1_rule	ECSC-1	Medium

Description
A context menu (also known as a pop-up menu) is often used in a graphical user interface (GUI) and appears upon user interaction (e.g., a right mouse click). A context menu offers a limited set of choices that are available in the current state, or context, of the operating system or application. A website may execute JavaScript that can make changes to these context menus. This can help disguise an attack. Set this preference to "false" so that webpages will not be able to affect the context menu event.

Description

A context menu (also known as a pop-up menu) is often used in a graphical user interface (GUI) and appears upon user interaction (e.g., a right mouse click). A context menu offers a limited set of choices that are available in the current state, or context, of the operating system or application. A website may execute JavaScript that can make changes to these context menus. This can help disguise an attack. Set this preference to "false" so that webpages will not be able to affect the context menu event.

STIG	Date
Mozilla FireFox	2014-07-03

Details

Check Text ( C-16626r3_chk )
Type "about:config" in the address bar of the browser. Verify that the preferences “dom.event.contextmenu.enabled" is set and locked to “false”, "dom.disable_window_move_resize" is set and locked to "true", and "dom.disable_window_flip" is set and locked to "true". Criteria: If the parameter is set incorrectly, then this is a finding. If the setting is not locked, then this is a finding.

Fix Text (F-15998r3_fix)
Ensure the preferences “dom.event.contextmenu.enabled" is set and locked to “false”, "dom.disable_window_move_resize" is set and locked to "true", and "dom.disable_window_flip" is set and locked to "true".