Firefox must be configured to not automatically execute or download MIME types that are not authorized for auto-download.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-251550 | FFOX-00-000006 | SV-251550r961194_rule | Medium |
| Description |
| Some files can be downloaded or execute without user interaction. This setting ensures these files are not downloaded and executed. |
| STIG | Date |
| Mozilla Firefox Security Technical Implementation Guide | 2025-02-11 |
Details
| Check Text (C-54985r832304_chk) |
| Type "about:preferences" in the browser address bar. Type "Applications" in the Find bar in the upper-right corner. Determine if any of the following file extensions are listed: HTA, JSE, JS, MOCHA, SHS, VBE, VBS, SCT, WSC, FDF, XFDF, LSL, LSO, LSS, IQY, RQY, DOS, BAT, PS, EPS, WCH, WCM, WB1, WB3, WCH, WCM, AD. If the entry exists and the "Action" is "Save File" or "Always Ask", this is not a finding. If an extension exists and the entry in the Action column is associated with an application that does/can execute the code, this is a finding. |
| Fix Text (F-54939r807121_fix) |
| Remove any unauthorized extensions from the auto-download list. |