5.2 Disable Scripting of Plugins by JavaScript

Information

Javascript can initiate and interact with the Plug-ins installed in Firefox.
This may reduce a malicious script's ability to exploit vulnerabilities in plug-ins or abuse plug-in features.

Solution

Perform the following procedure:

* Open the mozilla.cfg file in the installation directory with a text editor

* Add the following lines to mozilla.cfg:

lockPref("security.xpconnect.plugin.unrestricted", false);

See Also

https://workbench.cisecurity.org/files/1158

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7b.

Plugin: Unix

Control ID: 8e93dc18aa261a663daa690e9948ae0573361cfffa8f1aa551be07549877f6d8