Mozilla Firefox Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
Rule (High Severity): The installed version of Firefox must be supported.
Using versions of an application that are not supported by the vendor is not permitted. Vendors respond to security flaws with updates and patches. These updates are not available for unsupported v...
Rule (Medium Severity): Firefox must be configured to not use a password store with or without a master password.
Firefox can be set to store passwords for sites visited by the user. These individual passwords are stored in a file and can be protected by a master password. Autofill of the password can then be ...
Rule (Medium Severity): Firefox must be configured to disable the installation of extensions.
A browser extension is a program that has been installed into the browser to add functionality. Where a plug-in interacts only with a web page and usually a third-party external application (e.g., ...
Rule (Low Severity): Firefox development tools must be disabled.
Information needed by an attacker to begin looking for possible vulnerabilities in a web browser includes any information about the web browser and plug-ins or modules being used. When debugging or...
Rule (Medium Severity): Firefox fingerprinting protection must be enabled.
The Content Blocking/Tracking Protection feature stops Firefox from loading content from malicious sites. The content might be a script or an image, for example. If a site is on one of the tracker ...
Rule (Medium Severity): Firefox Enhanced Tracking Protection must be enabled.
Tracking generally refers to content, cookies, or scripts that can collect browsing data across multiple sites. It is detrimental for applications to provide, or install by default, functionality ...
Rule (Medium Severity): The Firefox New Tab page must not show Top Sites, Sponsored Top Sites, Pocket Recommendations, Sponsored Pocket Stories, Searches, Highlights, or Snippets.
The New Tab page by default shows a list of built-in top sites, as well as the top sites the user has visited. It is detrimental for applications to provide, or install by default, functionality e...
Rule (Medium Severity): Firefox accounts must be disabled.
Disable Firefox Accounts integration (Sync). It is detrimental for applications to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary ca...
Rule (Medium Severity): Firefox encrypted media extensions must be disabled.
Enable or disable Encrypted Media Extensions and optionally lock it. If "Enabled" is set to "false", Firefox does not download encrypted media extensions (such as Widevine) unless the user consent...
Rule (Medium Severity): Firefox must be configured to not automatically update installed add-ons and plugins.
Set this to false to disable checking for updated versions of the Extensions/Themes. Automatic updates from untrusted sites put the enclave at risk of attack and may override security settings.
Group: SRG-APP-000278
Rule (Medium Severity): Firefox must be configured to not automatically execute or download MIME types that are not authorized for auto-download.
Some files can be downloaded or executed without user interaction. This setting ensures these files are not downloaded and executed.
Group: SRG-APP-000141
Rule (Medium Severity): Firefox must be configured to disable form fill assistance.
To protect privacy and sensitive data, Firefox provides the ability to configure the program so that data entered into forms is not saved. This mitigates the risk of a website gleaning private info...
Group: SRG-APP-000141
Rule (Medium Severity): Firefox must be configured to not automatically check for updated versions of installed search plugins.
Updates must be controlled and installed from authorized and trusted servers. This setting overrides a number of other settings that may direct the application to access external URLs.
Group: SRG-APP-000141
Group: SRG-APP-000456
Group: SRG-APP-000560
Rule (High Severity): Firefox must be configured to allow only TLS 1.2 or above.
Use of versions prior to TLS 1.2 is not permitted. SSL 2.0 and SSL 3.0 contain a number of security flaws. These versions must be disabled in compliance with the Network Infrastructure and Secure ...
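Most of the rules above are enforced through Firefox enterprise policies (policies.json, or the equivalent Windows registry/GPO, macOS plist or Linux distribution settings). The checker below is an added example written for this page, not DISA's or Mozilla's own tooling: it reads a policies.json document and reports which of the listed rules the policy does not enforce. The policy key names (PasswordManagerEnabled, OfferToSaveLogins, InstallAddonsPermission, DisableDeveloperTools, EnableTrackingProtection, FirefoxHome, DisableFirefoxAccounts, EncryptedMediaExtensions, ExtensionUpdate, DisableFormHistory, Preferences, SSLVersionMin) are Mozilla's documented enterprise policies; the constructed SAMPLE_POLICIES document, the audit() and with_overrides() helpers, and the two deliberate gaps in the sample (no DisableFormHistory, SSLVersionMin still at tls1.1) are this example's own assumptions. The supported-version rule and the MIME-type auto-download rule are not checked here because they depend on the installed build and on the profile's handler table rather than on policy keys alone.

```python
"""Audit a Firefox policies.json against the STIG rules listed above.

Added example for this page; not DISA or Mozilla tooling. Policy key names are
Mozilla's documented enterprise policy names; everything else is assumed.
"""
import json
import sys

# Constructed sample policies.json: enforces most rules above, but leaves two
# deliberate gaps (no DisableFormHistory, SSLVersionMin still tls1.1).
SAMPLE_POLICIES = json.loads(r'''
{
  "policies": {
    "DisableFirefoxAccounts": true,
    "PasswordManagerEnabled": false,
    "OfferToSaveLogins": false,
    "DisableDeveloperTools": true,
    "EncryptedMediaExtensions": {"Enabled": false, "Locked": true},
    "EnableTrackingProtection": {"Value": true, "Locked": true,
                                 "Fingerprinting": true, "Cryptomining": true},
    "FirefoxHome": {"Search": false, "TopSites": false, "SponsoredTopSites": false,
                    "Highlights": false, "Pocket": false, "SponsoredPocket": false,
                    "Snippets": false, "Locked": true},
    "ExtensionUpdate": false,
    "InstallAddonsPermission": {"Default": false},
    "SSLVersionMin": "tls1.1",
    "Preferences": {"browser.search.update": {"Value": false, "Status": "locked"}}
  }
}
''')

# (rule from the STIG listing, path into the "policies" object, required value)
REQUIRED = [
    ("no password store", ("PasswordManagerEnabled",), False),
    ("no password store", ("OfferToSaveLogins",), False),
    ("extension installation disabled", ("InstallAddonsPermission", "Default"), False),
    ("development tools disabled", ("DisableDeveloperTools",), True),
    ("Enhanced Tracking Protection enabled", ("EnableTrackingProtection", "Value"), True),
    ("fingerprinting protection enabled", ("EnableTrackingProtection", "Fingerprinting"), True),
    ("Firefox accounts disabled", ("DisableFirefoxAccounts",), True),
    ("encrypted media extensions disabled", ("EncryptedMediaExtensions", "Enabled"), False),
    ("no automatic add-on updates", ("ExtensionUpdate",), False),
    ("form fill assistance disabled", ("DisableFormHistory",), True),
    ("no search plugin update check", ("Preferences", "browser.search.update", "Value"), False),
] + [
    ("New Tab page content disabled", ("FirefoxHome", section), False)
    for section in ("Search", "TopSites", "SponsoredTopSites", "Highlights",
                    "Pocket", "SponsoredPocket", "Snippets")
]

# SSLVersionMin values that satisfy the "TLS 1.2 or above" rule.
TLS_OK = ("tls1.2", "tls1.3")


def lookup(obj, path):
    """Walk nested dicts along path; return None if any step is missing."""
    for key in path:
        if not isinstance(obj, dict) or key not in obj:
            return None
        obj = obj[key]
    return obj


def audit(doc):
    """Return one finding string per listed rule the policy document fails to enforce."""
    policies = doc.get("policies", {})
    findings = []
    for rule, path, expected in REQUIRED:
        actual = lookup(policies, path)
        # `is`, not `==`: JSON booleans load as the True/False singletons, and a
        # 0/1 or the string "false" must not be accepted as a boolean setting.
        if actual is not expected:
            findings.append(f"{rule}: {'.'.join(path)} is {actual!r}, expected {expected!r}")
    tls = lookup(policies, ("SSLVersionMin",))
    if tls not in TLS_OK:
        findings.append(f"TLS 1.2 or above only: SSLVersionMin is {tls!r}, expected one of {TLS_OK}")
    return findings


def with_overrides(doc, **overrides):
    """Deep-copy doc and replace top-level policy keys; used to check a remediation."""
    copy = json.loads(json.dumps(doc))
    copy.setdefault("policies", {}).update(overrides)
    return copy


if __name__ == "__main__":
    # Usage: python audit_policies.py [/path/to/policies.json]; defaults to the sample.
    doc = SAMPLE_POLICIES
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            doc = json.load(fh)
    for finding in audit(doc) or ["all listed rules enforced"]:
        print(finding)
```

Run against the sample, the checker reports exactly the two deliberate gaps; pointing it at a real deployment's policies.json (for example /etc/firefox/policies/policies.json on Linux, or the distribution/policies.json inside the install directory) shows which listed rules are still unenforced. A passing audit only proves the policy file says the right thing: whether Firefox actually loads it is visible in about:policies, and the Locked flags matter because an unlocked policy value can still be changed by the user.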