Network shell protocol is enabled in FireFox.

From Mozilla Firefox Security Technical Implementation Guide

Part of DTBF105 - FireFox Preferences – Shell Protocol

Associated with: CCI-000381

SV-16710r3_rule Network shell protocol is enabled in FireFox.

Vulnerability discussion

Although current versions of Firefox have this set to disabled by default, use of this option can be harmful. This would allow the browser to access the Windows shell. This could allow access to theunderlying system. This check verifies that the default setting has not been changed.

Check content

Procedure: Open a browser window, type "about:config" in the address bar. Criteria: If the value of "network.protocol-handler.external.shell" is not "false" or is not locked, then this is a finding.

Fix text

Procedure: Set the value of "network.protocol-handler.external.shell" to "false" and lock using the Mozilla.cfg file.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer