CCE-94533-7| Platform: cpe:/a:mozilla:firefox_rpm | Date: (C)2021-06-15 (M)2023-07-04 |
Although current versions of Firefox have this set to disabled by default, use of this option can be harmful. This would allow the browser to access the Windows shell. This could allow access to the
underlying system. This check verifies that the default setting has not been changed.
Parameter:
[no/yes]
Technical Mechanism:
Procedure: Set the value of "network.protocol-handler.external.shell" to "false" and lock using the Mozilla.cfg file.
| CCSS Severity: | CCSS Metrics: |
| CCSS Score : 8.6 | Attack Vector: NETWORK |
| Exploit Score: 3.9 | Attack Complexity: LOW |
| Impact Score: 4.7 | Privileges Required: NONE |
| Severity: HIGH | User Interaction: NONE |
| Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H | Scope: UNCHANGED |
| | Confidentiality: LOW |
| | Integrity: LOW |
| | Availability: HIGH |
| | |
References: | Resource Id | Reference |
|---|
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:60304 |
