UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The Firefox SSLV2 parameter is configured to allow use of SSL 3.0.


Overview

Finding ID Version Rule ID IA Controls Severity
V-15982 DTBF010 SV-16924r3_rule ECSC-1 Medium
Description
Use of versions prior to TLS 1.0 are not permitted because these versions are non-standard. SSL 2.0 and SSL 3.0 contain a number of security flaws. These versions must be disabled in compliance with the Network Infrastructure and Secure Remote Computing STIGs.
STIG Date
Mozilla Firefox 2015-06-30

Details

Check Text ( C-16609r2_chk )
Open a browser window, type "about:config" in the address bar, then navigate to the setting for Preference Name "security.enable_ssl3" and verify the value is set to "false".

Criteria: If the parameter is set incorrectly, then this is a finding. If the value is not locked this is a finding.
Fix Text (F-15983r3_fix)
Set the preference "security.enable_ssl3" is set to "false" and lock using the Mozilla.cfg file.