5.7 Disable Displaying JavaScript in History URLs

Information

This will ensure that JavaScript URLs are not displayed in the history bar.
Various browser elements, even a simple link, can embed javascript: URLs and access the javascript: protocol. The JavaScript statement used in a javascript: URL can be used to encapsulate a specially crafted URL that performs a malicious function.

Solution

Perform the following procedure:

* Open the mozilla.cfg file in the installation directory with a text editor

* Add the following line to mozilla.cfg:

lockPref("browser.urlbar.filter.javascript", true);
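A check for the setting above, as an added example that is not part of the benchmark or the audit plugin: it parses mozilla.cfg text and reports whether the last directive touching browser.urlbar.filter.javascript is lockPref with the value true. The function names and sample file contents are constructed for illustration, and the check assumes AutoConfig's behaviour of ignoring the first line of the file.

```python
import re

PREF = "browser.urlbar.filter.javascript"

# Matches AutoConfig calls such as lockPref("name", true); the value is
# optional because unlockPref() and clearPref() take only the name.
CALL_RE = re.compile(
    r'\b(lockPref|pref|defaultPref|unlockPref|clearPref)\s*\(\s*'
    r'["\']([^"\']+)["\']\s*(?:,\s*([^)]*?)\s*)?\)'
)

def strip_comments(text):
    """Drop /* ... */ and // comments so commented-out directives are not counted."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"//[^\n]*", "", text)

def audit(cfg_text, pref=PREF, expected="true"):
    """Return (compliant, reason) for the given mozilla.cfg contents."""
    # AutoConfig ignores the first line of the file, so a directive there has no effect.
    body = "\n".join(cfg_text.splitlines()[1:])
    state = None  # (function, value) of the last call that touches the pref
    for func, name, value in CALL_RE.findall(strip_comments(body)):
        if name == pref:
            state = (func, value)
    if state is None:
        return False, "preference not set"
    func, value = state
    if func != "lockPref":
        return False, f"last call is {func}(), preference is not locked"
    if value != expected:
        return False, f"locked to {value or 'nothing'}, expected {expected}"
    return True, "locked to " + expected

if __name__ == "__main__":
    # Constructed sample file contents, not taken from a real installation.
    samples = {
        "compliant": '// header\nlockPref("browser.urlbar.filter.javascript", true);\n',
        "first line": 'lockPref("browser.urlbar.filter.javascript", true);\n',
        "not locked": '// header\npref("browser.urlbar.filter.javascript", true);\n',
    }
    for label, text in samples.items():
        print(label, audit(text))
```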

See Also

https://workbench.cisecurity.org/files/1158

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7b.

Plugin: Windows

Control ID: b4db5a347c065082fa021ff0128491ff94e6cfd3741a59a76379af2197d6cf72