FFOX-00-000012 - Firefox must be configured to prevent JavaScript from disabling or replacing context menus.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

A website may execute JavaScript that can remove or replace context menus/pop-up menus. This can help disguise an attack. Set this preference to 'false' so that web pages will not be able to affect the context menu event.

Solution

Windows group policy:
1. Open the group policy editor tool with 'gpedit.msc'.
2. Navigate to Policy Path: Computer ConfigurationAdministrative TemplatesMozillaFirefox
Policy Name: Preferences
Policy State: Enabled
Policy Value:
{
'dom.event.contextmenu.enabled': {
'Value': false,
'Status': 'locked'
}
}

macOS 'plist' file:
Add the following:
<key>Preferences</key>
<dict>
<key>dom.event.contextmenu.enabled</key>
<dict>
<key>Value</key>
<false/>
<key>Status</key>
<string>locked</string>
</dict>
</dict>

Linux 'policies.json' file:
Add the following in the policies section:
'Preferences': {
'dom.event.contextmenu.enabled': {
'Value': false,
'Status': 'locked'
}
}

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MOZ_Firefox_V6R1_STIG.zip

Item Details

References: CAT|II, CCI|CCI-000381, Rule-ID|SV-251556r807140_rule, STIG-ID|FFOX-00-000012, Vuln-ID|V-251556

Plugin: Unix

Control ID: a93ca7c72430de9b5d3a8a036494b36dcafb9d9e14b0fdbc1395fc127a779fdd