Mozilla Firefox Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Firefox Enhanced Tracking Protection must be enabled.
Tracking generally refers to content, cookies, or scripts that can collect browsing data across multiple sites. It is detrimental for applications to provide, or install by default, functionality ...Rule Medium Severity -
The Firefox New Tab page must not show Top Sites, Sponsored Top Sites, Pocket Recommendations, Sponsored Pocket Stories, Searches, Highlights, or Snippets.
The New Tab page by default shows a list of built-in top sites, as well as the top sites the user has visited. It is detrimental for applications to provide, or install by default, functionality e...Rule Medium Severity -
Firefox accounts must be disabled.
Disable Firefox Accounts integration (Sync). It is detrimental for applications to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary ca...Rule Medium Severity -
Firefox encrypted media extensions must be disabled.
Enable or disable Encrypted Media Extensions and optionally lock it. If "Enabled" is set to "false", Firefox does not download encrypted media extensions (such as Widevine) unless the user consent...Rule Medium Severity -
Firefox must be configured to not automatically update installed add-ons and plugins.
Set this to false to disable checking for updated versions of the Extensions/Themes. Automatic updates from untrusted sites puts the enclave at risk of attack and may override security settings.Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules