Mozilla Firefox STIG
Rules and Groups employed by this XCCDF Profile
-
Firefox
Firefox is an open-source web browser and developed by Mozilla. Web browsers such as Firefox are used for a number of reasons. This section provides settings for configuring Firefox policies to mee...Group -
Firefox must be configured to disable the installation of extensions.
Addon installation may be disabled in an administrative policy by setting theInstallAddonsPermissionkey underpoliciestofalse.Rule Medium Severity -
Firefox autoplay must be disabled.
Audio/Video autoplay may be disabled in an administrative policy by setting theDefaultkey underPermissions,Autoplayto"block-audio-video".Rule Medium Severity -
Enabled Firefox Cryptomining protection
Cryptomining protection may be enabled by settingprivacy.trackingprotection.cryptomining.enabledtotrue.Rule Medium Severity -
Disable Firefox Development Tools
Firefox provides development tools which identify detailed information about the browser and its configuration. These details are often also recorded into a log file, giving an attacker the abili...Rule Low Severity -
Disable Firefox deprecated ciphers
Pocket may be disabled by settingTLS_RSA_WITH_3DES_EDE_CBC_SHAtotrueunderDisabledCiphersin the policies file.Rule Medium Severity -
Firefox must be configured to disable form fill assistance.
The update check may be disabled in an administrative policy by setting theDisableFormHistorykey underpoliciestotrue.Rule Medium Severity -
Disable Firefox Pocket
Pocket may be disabled by settingDisablePockettotruein the policies file.Rule Medium Severity -
Disable Firefox Studies
Pocket may be disabled by settingDisableFirefoxStudiestotruein the policies file.Rule Medium Severity -
Firefox must be configured so that DNS over HTTPS is disabled.
DNS over HTTPS feature may be disabled via administrative policy by settingEnabledunderDNSOverHTTPStofalse.Rule Medium Severity -
Firefox encrypted media extensions must be disabled.
Firefox's Encrypted Media Extensions support playback of media content that is subject to Digital Right Management. These extensions may be disabled completely by setting <ul> <li> <code>Enabled</c...Rule Medium Severity -
Enabled Firefox Enhanced Tracking Protection
Enhanced Tracking Protection may be enabled by settingbrowser.contentblocking.categorytostrict.Rule Medium Severity -
Disabled Firefox Extension Recommendations
Extension recommendations may be disabled by settingextensions.htmlaboutaddons.recommendations.enabledtofalsein the policy file.Rule Medium Severity -
Firefox must be configured to not automatically update installed add-ons and plugins.
Firefox has a feature to permit installed add-ons and plugins to automatically update. The check may be disabled in an administrative policy by setting the <code>ExtensionUpdate</code> key under <c...Rule Medium Severity -
Firefox feedback reporting must be disabled.
Feedback reporting feature may be disabled via administrative policy by settingDisableFeedbackCommandsunderpoliciestotrue.Rule Medium Severity -
Enabled Firefox Fingerprinting Protection
Fingerprinting protection may be enabled by settingFingerprintingtotrueunderEnableTrackingProtectionin the policies file.Rule Medium Severity -
Firefox must prevent the user from quickly deleting data.
The update check may be disabled in an administrative policy by setting theDisableForgetButtonkey underpoliciestotrue.Rule Medium Severity -
Disable JavaScript's Raise Or Lower Windows Capability
JavaScript can configure and make changes to the web browser's appearance by specifically raising and lowering windows. This can be disabled by setting <code>dom.disable_window_flip</code> to <code...Rule Medium Severity -
Disable JavaScript's Moving Or Resizing Windows Capability
JavaScript can configure and make changes to the web browser's appearance by specifically moving and resizing browser windows. This can be disabled by setting <code>dom.disable_window_move_resize</...Rule Medium Severity -
Disable Firefox network prediction
Firefox has a feature where it predicts and caches DNS requests. This can be disabled by settingNetworkPredictiontotruein the policy file.Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.