STIGQter: STIG Summary: Mozilla Firefox Security Technical Implementation Guide Version: 5 Release: 1 Benchmark Date: 22 Jan 2021:

Firefox automatically executes or downloads MIME types which are not authorized for auto-download.

DISA Rule

SV-223156r612236_rule

Vulnerability Number

V-223156

Group Title

SRG-APP-000278

Rule Version

DTBF100

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Remove any unauthorized extensions from the autodownload list.

Check Contents

Use Method 1 or 2 to check if the following extensions are listed in the browser configuration: HTA, JSE, JS, MOCHA, SHS, VBE, VBS, SCT, WSC. By default, most of these extensions will not show up on the Firefox listing.

Criteria:

Method 1: In about:plugins, Installed plug-in, inspect the entries in the Suffixes column.

If any of the prohibited extensions are found, then for each of them, verify that it is not associated with an application that executes code. However, applications such as Notepad.exe that do not execute code may be associated with the extension. If the extension is associated with an unauthorized application, then this is a finding.

If the extension exists but is not associated with an application, then this is a finding.

Method 2:
Use the Options User Interface Applications menu to search for the prohibited extensions in the Content column of the table.

If an extension that is not approved for automatic execution exists and the entry in the Action column is associated with an application that does not execute the code (e.g., Notepad), then do not mark this as a finding.

If the entry exists and the Action is "Save File" or "Always Ask", then this is not a finding.

If an extension exists and the entry in the Action column is associated with an application that does/can execute the code, then this is a finding.
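The Method 2 criteria above can be applied mechanically to a Firefox profile instead of reading the Options UI by hand. The script below is an added example, not part of the STIG or STIGQter; it assumes that the Applications list is backed by the profile's handlers.json file, that its "action" field uses the nsIHandlerInfo codes (0 save, 1 ask, 2 helper app, 3 internal, 4 system default), and that the only viewer accepted as "does not execute code" is Notepad, as the check cites. The sample handlers.json is constructed.

```python
import json

# Extensions this check (DTBF100) names as not authorized for automatic download/execution.
PROHIBITED_EXTENSIONS = {"hta", "jse", "js", "mocha", "shs", "vbe", "vbs", "sct", "wsc"}

# Assumption: handlers.json stores nsIHandlerInfo action codes
# (0 save to disk, 1 always ask, 2 use helper app, 3 handle internally, 4 use system default).
ACTION_SAVE, ACTION_ASK, ACTION_HELPER, ACTION_INTERNAL, ACTION_SYSTEM = range(5)

# Assumed allowlist of handlers that only display the file; the check cites Notepad as such.
NON_EXECUTING_APPS = {"notepad.exe"}

# Constructed sample handlers.json (not taken from a real profile).
SAMPLE_HANDLERS_JSON = json.dumps({"mimeTypes": {
    "application/x-javascript": {"action": 2, "extensions": ["js"],
        "handlers": [{"name": "WScript", "path": "C:\\Windows\\System32\\wscript.exe"}]},
    "text/vbscript": {"action": 2, "extensions": ["vbs", "vbe"],
        "handlers": [{"name": "Notepad", "path": "C:\\Windows\\notepad.exe"}]},
    "application/hta": {"action": 0, "extensions": ["hta"]},
    "text/x-sct": {"action": 1, "extensions": ["sct"]},
    "application/pdf": {"action": 3, "extensions": ["pdf"]},
}})


def audit_handlers(handlers_json: str) -> dict:
    """Map each prohibited extension found to (action label, is_finding) per the Method 2 criteria."""
    results = {}
    for entry in json.loads(handlers_json).get("mimeTypes", {}).values():
        hits = {e.lower() for e in entry.get("extensions", [])} & PROHIBITED_EXTENSIONS
        if not hits:
            continue
        action = entry.get("action")
        if action in (ACTION_SAVE, ACTION_ASK) or entry.get("ask"):
            # "Save File" / "Always Ask": nothing runs without a user decision -> not a finding
            label, finding = ("Save File" if action == ACTION_SAVE else "Always Ask"), False
        elif action == ACTION_HELPER:
            # Helper application: a finding unless the handler is a viewer that cannot execute the file
            handlers = entry.get("handlers") or [{}]
            app = handlers[0].get("path", "").replace("\\", "/").rsplit("/", 1)[-1].lower()
            label, finding = f"Use {app or 'unknown'}", app not in NON_EXECUTING_APPS
        else:
            # Handled internally or by the system default: the OS association decides, so treat as a finding
            label, finding = "Open (internal/system default)", True
        for ext in hits:
            results[ext] = (label, finding)
    return results


def findings(handlers_json: str) -> list:
    """Sorted list of prohibited extensions whose configured action counts as a finding."""
    return sorted(ext for ext, (_, bad) in audit_handlers(handlers_json).items() if bad)
```

Point it at a real profile's handlers.json to list the entries that need to be reset to "Save File" or "Always Ask" under the Fix Recommendation.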

Documentable

False

Check Content Reference

M

Target Key

4097

Comments