Skip to content

Mozilla Firefox STIG

Rules and Groups employed by this XCCDF Profile

  • Firefox must be configured to not delete data upon shutdown.

    The default certificate to present may be configured by setting multiple options under <code>SanitizeOnShutdown</code> key. <ul><li> <code>Cache</c...
    Rule Medium Severity
  • The Firefox New Tab page must not show Top Sites, Sponsored Top sites, Pocket Recommendations, Sponsored Pocket Stories, Searches, Highlights, or Snippets.

    Display of top sites may be disabled in an administrative policy by setting the following items under <code>FirefoxHome</code> to <code>false</code...
    Rule Medium Severity
  • Firefox must be configured to not use a password store with or without a master password.

    The update check may be disabled in an administrative policy by setting the <code>PasswordManager</code> key under <code>policies</code> to <code>f...
    Rule Medium Severity
  • Enable Firefox Pop-up Blocker

    The pop-up blocker can be enabled by setting <code>Default</code> key under <code>PopupBlocking</code> to <code>true</code> in <code>policies.json<...
    Rule Medium Severity
  • Firefox private browsing must be disabled.

    Private browsing may be disabled in an administrative policy by setting the <code>DisablePrivateBrowsing</code> key under <code>policies</code> to ...
    Rule Medium Severity
  • Firefox search suggestions must be disabled.

    Search Suggestions may be disabled in an administrative policy by setting the <code>SearchSuggestEnabled</code> key under <code>policies</code> to ...
    Rule Medium Severity
  • Disable Installed Search Plugins Update Checking

    Firefox automatically checks for updated versions of search plugins. To disable the automatic updates of plugins, set value of <code>browser.search...
    Rule Medium Severity
  • Firefox must be configured to allow only TLS 1.2 or above.

    Firefox may be configured via administrative policy to allow TLS 1.2 at minimum by setting SSLVersionMin to tls1.2.
    Rule Medium Severity
  • Firefox accounts must be disabled.

    Firefox accounts feature may be disabled via administrative policy by setting <code>DisableFirefoxAccounts</code> under <code>policies</code> to <c...
    Rule Medium Severity
  • Disable Firefox Telemetry

    Telemetry can be disabled by setting toolkit.telemetry.enabled to false.
    Rule Medium Severity
  • Firefox must not recommend extensions as the user is using the browser.

    The extension recommendation messages may be disabled in an administrative policy by setting the <code>ExtensionRecommendations</code> key under <c...
    Rule Medium Severity
  • Enable Certificate Verification

    Firefox can be configured to prompt the user to choose a certificate to present to a website when asked. To enable certificate verification, set <c...
    Rule Medium Severity
  • Disable auto-download for proscribed MIME types.

    Firefox must be configured to not automatically execute or download MIME types that are not authorized for auto-download.
    Rule Medium Severity
  • Supported Version of Firefox Installed

    If the system is joined to the Red Hat Network, a Red Hat Satellite Server, or a yum server, run the following command to install updates: <pre>$ s...
    Rule High Severity
  • The DoD Root Certificate Is Required

    The Shared System Certificates store contains certificates that applications can access for a single certificate repository. If enabled, Firefox ca...
    Group
  • The DoD Root Certificate Exists

    The DoD root certificate should be installed in the Shared System Certificates store for Firefox to be able to access the DoD certificate. To insta...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules