Guide to the Secure Configuration of Firefox
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Enable Certificate Verification
Firefox can be configured to prompt the user to choose a certificate to present to a website when asked. To enable certificate verification, set <code>security.default_personal_cert</code> to <code...Rule Medium Severity -
Disable auto-download for proscribed MIME types.
Firefox must be configured to not automatically execute or download MIME types that are not authorized for auto-download.Rule Medium Severity -
Supported Version of Firefox Installed
If the system is joined to the Red Hat Network, a Red Hat Satellite Server, or a yum server, run the following command to install updates: <pre>$ sudo yum update</pre> If the system is not configur...Rule High Severity -
The DoD Root Certificate Is Required
The Shared System Certificates store contains certificates that applications can access for a single certificate repository. If enabled, Firefox can access that single system certificate repository...Group -
The DoD Root Certificate Exists
The DoD root certificate should be installed in the Shared System Certificates store for Firefox to be able to access the DoD certificate. To install the root certificated into the Shared System Ce...Rule Medium Severity -
Enable Shared System Certificates
The Shared System Certificates store makes NSS, GnuTLS, OpenSSL, and Java share a default source for retrieving system certificate anchors and blacklist information. Firefox has the capability of u...Rule Medium Severity -
Firefox
Firefox is an open-source web browser and developed by Mozilla. Web browsers such as Firefox are used for a number of reasons. This section provides settings for configuring Firefox policies to mee...Group -
Firefox encrypted media extensions must be disabled.
Firefox's Encrypted Media Extensions support playback of media content that is subject to Digital Right Management. These extensions may be disabled completely by setting <ul> <li> <code>Enabled</c...Rule Medium Severity -
The Firefox New Tab page must not show Top Sites, Sponsored Top sites, Pocket Recommendations, Sponsored Pocket Stories, Searches, Highlights, or Snippets.
Display of top sites may be disabled in an administrative policy by setting the following items under <code>FirefoxHome</code> to <code>false</code> and by setting the <code>locked</code> key to <c...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules