STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 4 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Mozilla Firefox Security Technical Implementation Guide

V-251550

CAT II (Medium)

Firefox must be configured to not automatically execute or download MIME types that are not authorized for auto-download.

Rule ID

SV-251550r961194_rule

STIG

Mozilla Firefox Security Technical Implementation Guide

Version

V6R7

CCIs

CCI-001242

Discussion

Some files can be downloaded or execute without user interaction. This setting ensures these files are not downloaded and executed.

Check Content

Type "about:preferences" in the browser address bar. 

Type "Applications" in the Find bar in the upper-right corner. 

Determine if any of the following file extensions are listed: HTA, JSE, JS, MOCHA, SHS, VBE, VBS, SCT, WSC, FDF, XFDF, LSL, LSO, LSS, IQY, RQY, DOS, BAT, PS, EPS, WCH, WCM, WB1, WB3, WCH, WCM, AD.

If the entry exists and the "Action" is "Save File" or "Always Ask", this is not a finding.
 
If an extension exists and the entry in the Action column is associated with an application that does/can execute the code, this is a finding.

Fix Text

Remove any unauthorized extensions from the auto-download list.