Is there a way to disable "Open File" and "Save Page As" operation from the menu?
Our company is using Firefox. We recently have found that you can launch Command Prompt or PowerShell by typing "cmd" or "powershell" into address bar of "Open File" or "Save Page As" menu.
Since we can not accept this behavior for security reasons, we are considering disabling "Open File" and "Save Page As" feature themselves. Is there a way to realize this?
We sought options to disable these features, but could not find any so far. Or If there is alternative solution for this, that would be highly appreciated if you share your knowledge.
moved from Firefox -> Firefox for Enterprise
Ti ṣàtúnṣe
Ọ̀nà àbáyọ tí a yàn
All Replies (4)
Is that Windows 10? It seems to affect all File Explorer dialogs.
For example, if I click the Browse button below this box to open a file browser to attach an image, and type cmd into the path box at the top and press Enter, then Windows launches cmd.exe.
Have you found a solution for other browsers?
Thank you for the reply. I'm sorry my explanation was not enough.
Our machines (yes, they are Windows 10) are isolated from the internet.
However, Firefox is the only exception. It's running inside local sandbox which is generated by a specific solution, and can connect to the internet. (It's like a local virtual browser without server)
Files downloaded by Firefox are stored inside the sandbox, thus host machine should be safe theoretically. However, if user can run malicious files downloaded from the internet using this "Open File" method...? The user may "break" the sandbox by using the file and may cause a bad consequence.
We want to mitigate this risk. That is why I limited the scope of question into only Firefox.
Ti ṣàtúnṣe
We don't currently implement this.
Chrome has a policy for this
AllowFileSelectionDialogs
I'll add it to our backlog.