Details
This will ensure that JavaScript URLs are not displayed in the history bar.
Various browser elements, even a simple link, can embed javascript: URLs and access the javascript: protocol. The JavaScript statement used in a javascript: URL can be used to encapsulate a specially crafted URL that performs a malicious function.
Solution
Perform the following procedure:
* Open the mozilla.cfg file in the installation directory with a text editor
* Add the following lines to mozilla.cfg:
lockPref(“browser.urlbar.filter.javascript”, true);
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Unix.