UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Mozilla Firefox Security Technical Implementation Guide


Overview

Date Finding Count (34)
2022-09-09 CAT I (High): 2 CAT II (Med): 30 CAT III (Low): 2
STIG Description
This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Available Profiles



Findings (MAC III - Administrative Sensitive)

Finding ID Severity Title
V-251546 High Firefox must be configured to allow only TLS 1.2 or above.
V-251545 High The installed version of Firefox must be supported.
V-251567 Medium Firefox fingerprinting protection must be enabled.
V-252881 Medium Firefox must be configured to not delete data upon shutdown.
V-251573 Medium The Firefox New Tab page must not show Top Sites, Sponsored Top Sites, Pocket Recommendations, Sponsored Pocket Stories, Searches, Highlights, or Snippets.
V-251580 Medium Firefox feedback reporting must be disabled.
V-251558 Medium Background submission of information to Mozilla must be disabled.
V-252909 Medium Firefox Studies must be disabled.
V-252908 Medium Pocket must be disabled.
V-251555 Medium Firefox must be configured to prevent JavaScript from raising or lowering windows.
V-251554 Medium Firefox must be configured to prevent JavaScript from moving or resizing windows.
V-251557 Medium Firefox must be configured to disable the installation of extensions.
V-251551 Medium Firefox must be configured to disable form fill assistance.
V-251550 Medium Firefox must be configured to not automatically execute or download MIME types that are not authorized for auto-download.
V-251553 Medium Firefox must be configured to block pop-up windows.
V-251578 Medium Firefox accounts must be disabled.
V-251577 Medium Firefox must be configured so that DNS over HTTPS is disabled.
V-251572 Medium Firefox must not recommend extensions as the user is using the browser.
V-251571 Medium Firefox deprecated ciphers must be disabled.
V-251570 Medium Firefox extension recommendations must be disabled.
V-251552 Medium Firefox must be configured to not use a password store with or without a master password.
V-251581 Medium Firefox encrypted media extensions must be disabled.
V-251547 Medium Firefox must be configured to ask which certificate to present to a website when a certificate is required.
V-251568 Medium Firefox cryptomining protection must be enabled.
V-251569 Medium Firefox Enhanced Tracking Protection must be enabled.
V-251564 Medium Firefox search suggestions must be disabled.
V-251548 Medium Firefox must be configured to not automatically check for updated versions of installed search plugins.
V-251549 Medium Firefox must be configured to not automatically update installed add-ons and plugins.
V-251560 Medium Firefox must have the DoD root certificates installed.
V-251562 Medium Firefox must prevent the user from quickly deleting data.
V-251563 Medium Firefox private browsing must be disabled.
V-251566 Medium Firefox network prediction must be disabled.
V-251559 Low Firefox development tools must be disabled.
V-251565 Low Firefox autoplay must be disabled.