Firefox is configured to autofill passwords.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-57595 | DTBF-0011 | SV-72005r1_rule | Medium |
| Description |
|---|
| While on the internet, it may be possible for an attacker to view the saved password files and gain access to the user's accounts on various hosts. |
| STIG | Date |
|---|---|
| Mozilla Firefox | 2017-03-22 |
Details
| Check Text ( C-58427r3_chk ) |
|---|
| Procedure: In about:config, verify that the setting for the following Preference Name’s are set and locked. “signon.prefillForms”, set to “false”. Criteria: If the values of the listed Preferences are not set and locked to these settings, then this is a finding. |
| Fix Text (F-62795r2_fix) |
|---|
| Set and lock the following preferences using the “Mozilla.cfg” file: “signon.prefillForms”, set to “false”. |