Mozilla Firefox Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
SRG-APP-000141
<GroupDescription></GroupDescription>Group -
Firefox must be configured to prevent JavaScript from raising or lowering windows.
<VulnDiscussion>JavaScript can raise and lower browser windows to cause improper input. Configure the browser setting to prevent scripts on v...Rule Medium Severity -
SRG-APP-000141
<GroupDescription></GroupDescription>Group -
Firefox must be configured to disable the installation of extensions.
<VulnDiscussion>A browser extension is a program that has been installed into the browser to add functionality. Where a plug-in interacts onl...Rule Medium Severity -
SRG-APP-000141
<GroupDescription></GroupDescription>Group -
Background submission of information to Mozilla must be disabled.
<VulnDiscussion>Firefox by default sends information about Firefox to Mozilla servers. There should be no background submission of technical ...Rule Medium Severity -
SRG-APP-000266
<GroupDescription></GroupDescription>Group -
Firefox development tools must be disabled.
<VulnDiscussion>Information needed by an attacker to begin looking for possible vulnerabilities in a web browser includes any information abo...Rule Low Severity -
SRG-APP-000175
<GroupDescription></GroupDescription>Group -
Firefox must have the DOD root certificates installed.
<VulnDiscussion>The DOD root certificates will ensure that the trust chain is established for server certificates issued from the DOD Certifi...Rule Medium Severity -
SRG-APP-000326
<GroupDescription></GroupDescription>Group -
Firefox must prevent the user from quickly deleting data.
<VulnDiscussion>There should not be an option for a user to "forget" work they have done. This is required to meet non-repudiation controls.&...Rule Medium Severity -
SRG-APP-000141
<GroupDescription></GroupDescription>Group -
Firefox private browsing must be disabled.
<VulnDiscussion>Private browsing allows the user to browse the internet without recording their browsing history/activity. From a forensics p...Rule Medium Severity -
SRG-APP-000141
<GroupDescription></GroupDescription>Group -
Firefox search suggestions must be disabled.
<VulnDiscussion>Search suggestions must be disabled as this could lead to searches being conducted that were never intended to be made.</V...Rule Medium Severity -
SRG-APP-000141
<GroupDescription></GroupDescription>Group -
Firefox autoplay must be disabled.
<VulnDiscussion>Autoplay allows the user to control whether videos can play automatically (without user consent) with audio content. The user...Rule Low Severity -
SRG-APP-000141
<GroupDescription></GroupDescription>Group -
Firefox network prediction must be disabled.
<VulnDiscussion>If network prediction is enabled, requests to URLs are made without user consent. The browser should always make a direct DNS...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.