UCF STIG Viewer Logo

Mozilla Firefox Security Technical Implementation Guide


Overview

Date Finding Count (34)
2023-06-05 CAT I (High): 2 CAT II (Med): 30 CAT III (Low): 2
STIG Description
This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Available Profiles



Findings (MAC III - Administrative Sensitive)

Finding ID Severity Title
V-251546 High Firefox must be configured to allow only TLS 1.2 or above.
V-251545 High The installed version of Firefox must be supported.
V-251567 Medium Firefox fingerprinting protection must be enabled.
V-252881 Medium Firefox must be configured to not delete data upon shutdown.
V-251573 Medium The Firefox New Tab page must not show Top Sites, Sponsored Top Sites, Pocket Recommendations, Sponsored Pocket Stories, Searches, Highlights, or Snippets.
V-251580 Medium Firefox feedback reporting must be disabled.
V-251558 Medium Background submission of information to Mozilla must be disabled.
V-252909 Medium Firefox Studies must be disabled.
V-252908 Medium Pocket must be disabled.
V-251555 Medium Firefox must be configured to prevent JavaScript from raising or lowering windows.
V-251554 Medium Firefox must be configured to prevent JavaScript from moving or resizing windows.
V-251557 Medium Firefox must be configured to disable the installation of extensions.
V-251551 Medium Firefox must be configured to disable form fill assistance.
V-251550 Medium Firefox must be configured to not automatically execute or download MIME types that are not authorized for auto-download.
V-251553 Medium Firefox must be configured to block pop-up windows.
V-251578 Medium Firefox accounts must be disabled.
V-251577 Medium Firefox must be configured so that DNS over HTTPS is disabled.
V-251572 Medium Firefox must not recommend extensions as the user is using the browser.
V-251571 Medium Firefox deprecated ciphers must be disabled.
V-251570 Medium Firefox extension recommendations must be disabled.
V-251552 Medium Firefox must be configured to not use a password store with or without a master password.
V-251581 Medium Firefox encrypted media extensions must be disabled.
V-251547 Medium Firefox must be configured to ask which certificate to present to a website when a certificate is required.
V-251568 Medium Firefox cryptomining protection must be enabled.
V-251569 Medium Firefox Enhanced Tracking Protection must be enabled.
V-251564 Medium Firefox search suggestions must be disabled.
V-251548 Medium Firefox must be configured to not automatically check for updated versions of installed search plugins.
V-251549 Medium Firefox must be configured to not automatically update installed add-ons and plugins.
V-251560 Medium Firefox must have the DOD root certificates installed.
V-251562 Medium Firefox must prevent the user from quickly deleting data.
V-251563 Medium Firefox private browsing must be disabled.
V-251566 Medium Firefox network prediction must be disabled.
V-251559 Low Firefox development tools must be disabled.
V-251565 Low Firefox autoplay must be disabled.