Guide to the Secure Configuration of Firefox
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Disable Firefox deprecated ciphers
Pocket may be disabled by setting <code>TLS_RSA_WITH_3DES_EDE_CBC_SHA</code> to <code>true</code> under <code>DisabledCiphers</code> in the policie...Rule Medium Severity -
Firefox must be configured to disable form fill assistance.
The update check may be disabled in an administrative policy by setting the <code>DisableFormHistory</code> key under <code>policies</code> to <cod...Rule Medium Severity -
Disable Firefox Pocket
Pocket may be disabled by settingDisablePockettotruein the policies file.Rule Medium Severity -
Disable Firefox Studies
Pocket may be disabled by settingDisableFirefoxStudiestotruein the policies file.Rule Medium Severity -
Firefox must be configured to not delete data upon shutdown.
The default certificate to present may be configured by setting multiple options under <code>SanitizeOnShutdown</code> key. <ul><li> <code>Cache</c...Rule Medium Severity -
Firefox must be configured so that DNS over HTTPS is disabled.
DNS over HTTPS feature may be disabled via administrative policy by setting <code>Enabled</code> under <code>DNSOverHTTPS</code> to <code>false</co...Rule Medium Severity -
Firefox encrypted media extensions must be disabled.
Firefox's Encrypted Media Extensions support playback of media content that is subject to Digital Right Management. These extensions may be disable...Rule Medium Severity -
Enabled Firefox Enhanced Tracking Protection
Enhanced Tracking Protection may be enabled by settingbrowser.contentblocking.categorytostrict.Rule Medium Severity -
Disabled Firefox Extension Recommendations
Extension recommendations may be disabled by setting <code>extensions.htmlaboutaddons.recommendations.enabled</code> to <code>false</code> in the p...Rule Medium Severity -
Firefox must be configured to not automatically update installed add-ons and plugins.
Firefox has a feature to permit installed add-ons and plugins to automatically update. The check may be disabled in an administrative policy by set...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.