Firefox is configured to autofill passwords.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-15775 | DTBF150 | SV-16714r3_rule | Medium |
| Description |
|---|
| While on the internet, it may be possible for an attacker to view the saved password files and gain access to the user's accounts on various hosts. |
| STIG | Date |
|---|---|
| Mozilla FireFox Security Technical Implementation Guide | 2020-06-19 |
Details
| Check Text ( C-16620r2_chk ) |
|---|
| In About:Config, verify that the preference name “signon.autofillForms“ is set to “false” and locked. Criteria: If the parameter is set incorrectly, this is a finding. If the setting is not locked, this is a finding. |
| Fix Text (F-15992r3_fix) |
|---|
| Ensure the preference "signon.autofillForms" is set and locked to the value of “false”. |