5.7 Disable Displaying JavaScript in History URLs

Information

Setting browser.urlbar.filter.javascript to true ensures that JavaScript URLs are not displayed in the history bar.
Various browser elements, even a simple link, can embed javascript: URLs and access the javascript: protocol. The JavaScript statement in a javascript: URL can encapsulate a specially crafted URL that performs a malicious function.

Solution

Perform the following procedure:

* Open the mozilla.cfg file in the installation directory with a text editor

* Add the following line to mozilla.cfg:

lockPref("browser.urlbar.filter.javascript", true);
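
One way to verify the result of the procedure above, as an added example that is not part of the benchmark or the audit plugin. The function name, result strings and sample files are hypothetical; the path to mozilla.cfg is passed in, and the script assumes the last statement naming the preference decides the outcome.

```shell
#!/bin/sh
# Added example (not from the benchmark): audit mozilla.cfg for the setting above.
# Assumption: the last statement that names the pref decides the result.
# Prints compliant | not_locked | wrong_value | missing; returns 0 only if compliant.
PREF_RE='"browser\.urlbar\.filter\.javascript"'

check_js_filter_pref() {
    cfg=$1
    [ -r "$cfg" ] || { echo missing; return 1; }
    # Skip // comment lines, then keep the last call that names the pref.
    line=$(grep -v '^[[:space:]]*//' "$cfg" |
           grep -E "^[[:space:]]*[A-Za-z]+[[:space:]]*\([[:space:]]*$PREF_RE" |
           tail -n 1)
    [ -n "$line" ] || { echo missing; return 1; }
    # Function name: lockPref, pref, defaultPref, unlockPref, ...
    func=$(printf '%s\n' "$line" | sed -E 's/^[[:space:]]*([A-Za-z]+).*/\1/')
    # Value: the token between the comma and the closing parenthesis, if any.
    value=$(printf '%s\n' "$line" |
            sed -n -E 's/.*,[[:space:]]*([A-Za-z0-9]+)[[:space:]]*\).*/\1/p')
    if [ "$func" != "lockPref" ]; then
        echo not_locked; return 1      # users can still change the value
    fi
    if [ "$value" != "true" ]; then
        echo wrong_value; return 1     # locked, but filtering is off
    fi
    echo compliant
}

# Constructed sample files (the first line of an AutoConfig file is ignored).
demo_dir=$(mktemp -d)
printf '%s\n' '// constructed sample' \
    'lockPref("browser.urlbar.filter.javascript", true);' > "$demo_dir/good.cfg"
printf '%s\n' '// constructed sample' \
    'pref("browser.urlbar.filter.javascript", true);' > "$demo_dir/weak.cfg"
printf '%s\n' '// constructed sample' \
    '// lockPref("browser.urlbar.filter.javascript", true);' \
    'lockPref("browser.urlbar.filter.javascript", false);' > "$demo_dir/off.cfg"

for f in good weak off absent; do
    printf '%s: ' "$f.cfg"
    check_js_filter_pref "$demo_dir/$f.cfg" || true
done
rm -rf "$demo_dir"
```

A result of not_locked means the preference is set with a function other than lockPref, so it does not satisfy this item even when the value is true.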

See Also

https://workbench.cisecurity.org/files/1158

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7b.

Plugin: Unix

Control ID: 04a922778a52d1e21643fdf7f317121d9df152f9c3502bf247e9dda3cfc97bab