Network shell protocol is enabled in FireFox.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-15771 | DTBF105 | SV-16710r3_rule | Medium |
| Description |
|---|
| Although current versions of Firefox have this set to disabled by default, use of this option can be harmful. This would allow the browser to access the Windows shell. This could allow access to the underlying system. This check verifies that the default setting has not been changed. |
| STIG | Date |
|---|---|
| Mozilla FireFox Security Technical Implementation Guide | 2020-06-19 |
Details
| Check Text ( C-16615r2_chk ) |
|---|
| Procedure: Open a browser window, type "about:config" in the address bar. Criteria: If the value of "network.protocol-handler.external.shell" is not "false" or is not locked, then this is a finding. |
| Fix Text (F-15988r3_fix) |
|---|
| Procedure: Set the value of "network.protocol-handler.external.shell" to "false" and lock using the Mozilla.cfg file. |