FFOX-00-000012 - Firefox must be configured to prevent JavaScript from disabling or replacing context menus.

Information

A website may execute JavaScript that can remove or replace context menus/pop-up menus. This can help disguise an attack. Set this preference to 'false' so that web pages will not be able to affect the context menu event.

Solution

Windows group policy:
1. Open the group policy editor tool with 'gpedit.msc'.
2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Mozilla\Firefox\
Policy Name: Preferences
Policy State: Enabled
Policy Value:
{
'dom.event.contextmenu.enabled': {
'Value': false,
'Status': 'locked'
}
}

macOS 'plist' file:
Add the following:
<key>Preferences</key>
<dict>
<key>dom.event.contextmenu.enabled</key>
<dict>
<key>Value</key>
<false/>
<key>Status</key>
<string>locked</string>
</dict>
</dict>

Linux 'policies.json' file:
Add the following in the policies section:
'Preferences': {
'dom.event.contextmenu.enabled': {
'Value': false,
'Status': 'locked'
}
}

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MOZ_Firefox_V6R1_STIG.zip

Item Details

References: CAT|II, CCI|CCI-000381, Rule-ID|SV-251556r807140_rule, STIG-ID|FFOX-00-000012, Vuln-ID|V-251556

Plugin: Windows

Control ID: a27b2ac938c6f54e5983b55988f74cba0becba8545486a99a3d71daa98fb6bce