
Firefox does not clear cookies upon closing.


Overview

Finding ID | Version | Rule ID | IA Controls | Severity
V-15777 | DTBF170 | SV-16716r1_rule | ECSC-1 | Medium
Description
Cookies can help websites perform better but can also be part of spyware. To mitigate this risk, set browser preferences to perform a Clear Private Data operation when closing the browser in order to clear cookies and other data installed by websites visited during the session.
STIG | Date
Mozilla FireFox | 2014-07-03

Details

Check Text (C-16622r1_chk)
Type "about:config" in the address bar of the browser. Verify that the preference "privacy.sanitize.sanitizeOnShutdown" is set to "true". Also "privacy.sanitize.promptOnSanitize" must be set to "false" to prevent users from circumventing the deleting of cookies. Both settings must also be locked to prevent user changes.

Criteria: If the parameter for either of the two sanitize preferences is set incorrectly, then this is a finding. If the settings are not locked, then this is a finding.
Fix Text (F-15994r1_fix)
Ensure the preference "privacy.sanitize.sanitizeOnShutdown" is set and locked to the value of "true". Also ensure the preference "privacy.sanitize.promptOnSanitize" is set and locked to "false".
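
The check above can be automated against a Firefox AutoConfig file, where lockPref() both sets and locks a preference. The following is an added example, not part of the STIG text; the function names and the sample file content are constructed for illustration, and it assumes each preference appears at most once, one call per line.

```python
import re

# The two preferences and required values from the check text above.
REQUIRED = {
    "privacy.sanitize.sanitizeOnShutdown": "true",
    "privacy.sanitize.promptOnSanitize": "false",
}

# Matches AutoConfig calls such as: lockPref("name", true);
PREF_CALL = re.compile(
    r'^\s*(lockPref|pref|defaultPref)\s*\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;?\s*$'
)

def parse_autoconfig(text):
    """Return {pref_name: (function, value)}.

    Assumption: a preference is not repeated; if it is, the last call is kept.
    """
    prefs = {}
    for line in text.splitlines():
        if line.lstrip().startswith("//"):
            continue  # skip comment lines
        m = PREF_CALL.match(line)
        if m:
            func, name, value = m.groups()
            prefs[name] = (func, value)
    return prefs

def findings(text):
    """List one finding per preference that is missing, wrong or unlocked."""
    prefs = parse_autoconfig(text)
    out = []
    for name, want in REQUIRED.items():
        if name not in prefs:
            out.append(f"{name}: not set")
            continue
        func, value = prefs[name]
        if value != want:
            out.append(f"{name}: value is {value}, expected {want}")
        if func != "lockPref":
            out.append(f"{name}: set with {func}(), not locked")
    return out

# Constructed sample: first pref is compliant, second is correct but unlocked.
SAMPLE_CFG = """// constructed sample AutoConfig file
lockPref("privacy.sanitize.sanitizeOnShutdown", true);
pref("privacy.sanitize.promptOnSanitize", false);
"""

if __name__ == "__main__":
    for finding in findings(SAMPLE_CFG) or ["no findings"]:
        print(finding)
```

An empty list from findings() corresponds to "not a finding" under the criteria above; any entry is a finding.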