UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Mozilla Firefox Security Technical Implementation Guide


Overview

Date Finding Count (25)
2018-09-17 CAT I (High): 1 CAT II (Med): 24 CAT III (Low): 0
STIG Description
The Mozilla Firefox Security Technical Implementation Guide (STIG) is published as a tool to improve the security of Department of Defense (DoD) information systems. Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.stig_spt@mail.mil

Available Profiles



Findings (MAC I - Mission Critical Classified)

Finding ID Severity Title
V-17988 High Installed version of Firefox unsupported.
V-15776 Medium FireFox is configured to use a password store with or without a master password.
V-15774 Medium Firefox formfill assistance option is disabled.
V-15775 Medium Firefox is configured to autofill passwords.
V-19743 Medium Firefox required security preferences cannot be changed by user.
V-19742 Medium Firefox automatically updates installed add-ons and plugins.
V-19741 Medium Firefox application is set to auto-update.
V-19744 Medium Firefox automatically checks for updated version of installed Search plugins.
V-15768 Medium FireFox is configured to ask which certificate to present to a web site when a certificate is required.
V-15770 Medium Firefox automatically executes or downloads MIME types which are not authorized for auto-download.
V-79053 Medium Background submission of information to Mozilla must be disabled.
V-6318 Medium The DOD Root Certificate is not installed.
V-64891 Medium Extensions install must be disabled.
V-15985 Medium Firefox is configured to allow JavaScript to raise or lower windows.
V-15777 Medium History retention must be enabled.
V-15987 Medium Firefox is configured to allow JavaScript to hide or change the status bar.
V-15986 Medium Firefox is configured to allow JavaScript to disable or replace context menus.
V-15772 Medium Firefox not configured to prompt user before download and opening for required file types.
V-15773 Medium FireFox plug-in for ActiveX controls is installed.
V-15983 Medium Firefox must be configured to allow only TLS.
V-15771 Medium Network shell protocol is enabled in FireFox.
V-15989 Medium Firefox is not configured to provide warnings when a user switches from a secure (SSL-enabled) to a non-secure page.
V-15988 Medium Firefox is configured to allow JavaScript to change the status bar text.
V-15778 Medium FireFox is not configured to block pop-up windows.
V-15779 Medium FireFox is configured to allow JavaScript to move or resize windows.