Mozilla Firefox Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Firefox extension recommendations must be disabled.

    The Recommended Extensions program makes it easier for users to discover extensions that have been reviewed for security, functionality, and user experience. Allowed extensions are to be centrally ...
    Rule Medium Severity
  • SRG-APP-000141

    Group
  • Firefox deprecated ciphers must be disabled.

    A weak cipher is defined as an encryption/decryption algorithm that uses a key of insufficient length. Using an insufficient length for a key in an encryption/decryption algorithm opens up the poss...
    Rule Medium Severity
  • SRG-APP-000141

    Group
  • Firefox must not recommend extensions as the user is using the browser.

    The Recommended Extensions program recommends extensions to users as they surf the web. The user must not be encouraged to install extensions from the websites they visit. Allowed extensions are t...
    Rule Medium Severity
  • SRG-APP-000141

    Group
  • SRG-APP-000141

    Group
  • Firefox must be configured so that DNS over HTTPS is disabled.

    DNS over HTTPS has generally not been adopted in the DoD. DNS is tightly controlled. It is detrimental for applications to provide, or install by default, functionality exceeding requirements or m...
    Rule Medium Severity
  • SRG-APP-000141

    Group
  • SRG-APP-000141

    Group
  • Firefox feedback reporting must be disabled.

    Disable the menus for reporting sites (Submit Feedback, Report Deceptive Site). It is detrimental for applications to provide, or install by default, functionality exceeding requirements or missi...
    Rule Medium Severity
  • SRG-APP-000141

    Group
  • SRG-APP-000141

    Group
  • Firefox must be configured to not delete data upon shutdown.

    For diagnostic purposes, data must remain behind when the browser is closed. This is required to meet non-repudiation controls.
    Rule Medium Severity
  • SRG-APP-000141

    Group
  • Pocket must be disabled.

    Pocket, previously known as Read It Later, is a social bookmarking service for storing, sharing, and discovering web bookmarks. Data gathering cloud services such as this are generally disabled in ...
    Rule Medium Severity
  • SRG-APP-000141

    Group
  • Firefox Studies must be disabled.

    Studies try out different features and ideas before they are released to all Firefox users. Testing beta software is not in the DoD user's mission.
    Rule Medium Severity
