Firefox must be configured to not automatically execute or download MIME types that are not authorized for auto-download.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-251550 | FFOX-00-000006 | SV-251550r961194_rule | CCI-001242 | medium |
| Description | ||||
| Some files can be downloaded or execute without user interaction. This setting ensures these files are not downloaded and executed. | ||||
| STIG | Date | |||
| Mozilla Firefox Security Technical Implementation Guide | 2025-02-11 | |||
Details
Check Text (C-251550r961194_chk)
Type "about:preferences" in the browser address bar.
Type "Applications" in the Find bar in the upper-right corner.
Determine if any of the following file extensions are listed: HTA, JSE, JS, MOCHA, SHS, VBE, VBS, SCT, WSC, FDF, XFDF, LSL, LSO, LSS, IQY, RQY, DOS, BAT, PS, EPS, WCH, WCM, WB1, WB3, WCH, WCM, AD.
If the entry exists and the "Action" is "Save File" or "Always Ask", this is not a finding.
If an extension exists and the entry in the Action column is associated with an application that does/can execute the code, this is a finding.
Fix Text (F-54939r807121_fix)
Remove any unauthorized extensions from the auto-download list.