4.5 Block Mixed Active Content

Information

This feature disables the ability to view HTTP content such as JavaScript, CSS, objects, and xhr requests.
Blocking active mixed content minimizes the risk of man-in-the-middle attacks.

Solution

Perform the following procedure:

* Open the mozilla.cfg file in the installation directory with a text editor

* Add the following lines to mozilla.cfg:

lockPref("security.mixed_content.block_active_content", true)

See Also

https://workbench.cisecurity.org/files/1158

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7b.

Plugin: Unix

Control ID: b7420fe1d2fe77103d629623c30266ae8e8f027f9a77e29e3864d85bf1ba8016