Firefox application is set to auto-update.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-57665 | DTBF-0023 | SV-72075r1_rule | Medium |
| Description |
|---|
| Allowing software updates from non-trusted sites can introduce settings that will override a secured installation of the application. This can place DoD information at risk. If this setting is enabled, then there are many other default settings which point to untrusted sites which must be changed to point to an authorized update site that is not publicly accessible. |
| STIG | Date |
|---|---|
| Mozilla Firefox | 2017-03-22 |
Details
| Check Text ( C-58487r3_chk ) |
|---|
| Procedure: In about:config, verify that the setting for the following Preference names are set and locked. “app.update.enabled”, set to “false”. Criteria: If the values of the listed Preferences are not set and locked to these settings, then this is a finding. |
| Fix Text (F-62867r2_fix) |
|---|
| Set and lock the following preferences using the “Mozilla.cfg” file: "app.update.enable", set to “false”. |