Details

JavaScript can make changes to the browser’s appearance. This activity can help disguise an attack taking place in a minimized background window. Configure the browser setting to prevent scripts on visited websites from moving and resizing browser windows.

Solution

Windows group policy:
1. Open the group policy editor tool with ‘gpedit.msc’.
2. Navigate to Policy Path: Computer ConfigurationAdministrative TemplatesMozillaFirefox
Policy Name: Preferences
Policy State: Enabled
Policy Value:
{
‘dom.disable_window_move_resize’: {
‘Value’: true,
‘Status’: ‘locked’
}
}

macOS ‘plist’ file:
Add the following:
Preferences

dom.disable_window_move_resize

Value
Status
locked

Linux ‘policies.json’ file:
Add the following in the policies section:
‘Preferences’: {
‘dom.disable_window_move_resize’: {
‘Value’: true,
‘Status’: ‘locked’
}
}

Supportive Information

The following resource is also helpful.

• https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MOZ_Firefox_V6R1_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Windows.

References

• 800-53|CM-7a.
• CAT|II
• CCI|CCI-000381
• Rule-ID|SV-251554r807134_rule
• STIG-ID|FFOX-00-000010
• Vuln-ID|V-251554

Source

• Tenable.com/audits