Skip to content

Mozilla Firefox STIG

Rules and Groups employed by this XCCDF Profile

  • Firefox

    Firefox is an open-source web browser and developed by Mozilla. Web browsers such as Firefox are used for a number of reasons. This section provide...
    Group
  • Firefox must be configured to disable the installation of extensions.

    Addon installation may be disabled in an administrative policy by setting the <code>InstallAddonsPermission</code> key under <code>policies</code> ...
    Rule Medium Severity
  • Firefox autoplay must be disabled.

    Audio/Video autoplay may be disabled in an administrative policy by setting the <code>Default</code> key under <code>Permissions</code>, <code>Auto...
    Rule Medium Severity
  • Enabled Firefox Cryptomining protection

    Cryptomining protection may be enabled by setting privacy.trackingprotection.cryptomining.enabled to true.
    Rule Medium Severity
  • Disable Firefox Development Tools

    Firefox provides development tools which identify detailed information about the browser and its configuration. These details are often also reco...
    Rule Low Severity
  • Disable Firefox deprecated ciphers

    Pocket may be disabled by setting <code>TLS_RSA_WITH_3DES_EDE_CBC_SHA</code> to <code>true</code> under <code>DisabledCiphers</code> in the policie...
    Rule Medium Severity
  • Firefox must be configured to disable form fill assistance.

    The update check may be disabled in an administrative policy by setting the <code>DisableFormHistory</code> key under <code>policies</code> to <cod...
    Rule Medium Severity
  • Disable Firefox Pocket

    Pocket may be disabled by setting DisablePocket to true in the policies file.
    Rule Medium Severity
  • Disable Firefox Studies

    Pocket may be disabled by setting DisableFirefoxStudies to true in the policies file.
    Rule Medium Severity
  • Firefox must be configured so that DNS over HTTPS is disabled.

    DNS over HTTPS feature may be disabled via administrative policy by setting <code>Enabled</code> under <code>DNSOverHTTPS</code> to <code>false</co...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules