Mozilla Firefox Security Technical Implementation Guide


Overview

Date: 2021-12-01
Finding Count (37): CAT I (High): 2, CAT II (Med): 33, CAT III (Low): 2

STIG Description
This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Findings (MAC III - Administrative Sensitive)

Finding ID Severity Title
V-251546 High Firefox must be configured to allow only TLS 1.2 or above.
V-251545 High The installed version of Firefox must be supported.
V-251549 Medium Firefox must be configured to not automatically update installed add-ons and plugins.
V-251580 Medium Firefox feedback reporting must be disabled.
V-251558 Medium Background submission of information to Mozilla must be disabled.
V-251555 Medium Firefox must be configured to prevent JavaScript from raising or lowering windows.
V-251554 Medium Firefox must be configured to prevent JavaScript from moving or resizing windows.
V-251557 Medium Firefox must be configured to disable the installation of extensions.
V-251556 Medium Firefox must be configured to prevent JavaScript from disabling or replacing context menus.
V-251551 Medium Firefox must be configured to disable form fill assistance.
V-251550 Medium Firefox must be configured to not automatically execute or download MIME types that are not authorized for auto-download.
V-251553 Medium Firefox must be configured to block pop-up windows.
V-251578 Medium Firefox accounts must be disabled.
V-251577 Medium Firefox must be configured so that DNS over HTTPS is disabled.
V-251576 Medium The Firefox New Tab page must not show snippets.
V-251575 Medium The Firefox New Tab page must not show highlights.
V-251574 Medium The Firefox New Tab page must not show recommended stories.
V-251573 Medium The Firefox New Tab page must not show top sites.
V-251572 Medium Firefox must not recommend extensions as the user is using the browser.
V-251571 Medium Firefox deprecated ciphers must be disabled.
V-251570 Medium Firefox extension recommendations must be disabled.
V-251552 Medium Firefox must be configured to not use a password store with or without a master password.
V-251581 Medium Firefox encrypted media extensions must be disabled.
V-251547 Medium Firefox must be configured to ask which certificate to present to a website when a certificate is required.
V-251579 Medium Firefox updates must not run in the background.
V-251568 Medium Firefox cryptomining protection must be enabled.
V-251569 Medium Firefox Enhanced Tracking Protection must be enabled.
V-251564 Medium Firefox search suggestions must be disabled.
V-251548 Medium Firefox must be configured to not automatically check for updated versions of installed search plugins.
V-251567 Medium Firefox fingerprinting protection must be enabled.
V-251560 Medium Firefox must have the DoD root certificates installed.
V-251561 Medium Firefox must be configured to not delete data upon shutdown.
V-251562 Medium Firefox must prevent the user from quickly deleting data.
V-251563 Medium Firefox private browsing must be disabled.
V-251566 Medium Firefox network prediction must be disabled.
V-251559 Low Firefox development tools must be disabled.
V-251565 Low Firefox autoplay must be disabled.