UCF STIG Viewer Logo

Mozilla Firefox Security Technical Implementation Guide


Overview

Date Finding Count (25)
2018-09-17 CAT I (High): 1 CAT II (Med): 24 CAT III (Low): 0
STIG Description
The Mozilla Firefox Security Technical Implementation Guide (STIG) is published as a tool to improve the security of Department of Defense (DoD) information systems. Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.stig_spt@mail.mil

Available Profiles



Findings (MAC III - Administrative Sensitive)

Finding ID Severity Title
V-17988 High Installed version of Firefox unsupported.
V-15776 Medium FireFox is configured to use a password store with or without a master password.
V-15774 Medium Firefox formfill assistance option is disabled.
V-15775 Medium Firefox is configured to autofill passwords.
V-19743 Medium Firefox required security preferences cannot be changed by user.
V-19742 Medium Firefox automatically updates installed add-ons and plugins.
V-19741 Medium Firefox application is set to auto-update.
V-19744 Medium Firefox automatically checks for updated version of installed Search plugins.
V-15768 Medium FireFox is configured to ask which certificate to present to a web site when a certificate is required.
V-15770 Medium Firefox automatically executes or downloads MIME types which are not authorized for auto-download.
V-79053 Medium Background submission of information to Mozilla must be disabled.
V-6318 Medium The DOD Root Certificate is not installed.
V-64891 Medium Extensions install must be disabled.
V-15985 Medium Firefox is configured to allow JavaScript to raise or lower windows.
V-15777 Medium History retention must be enabled.
V-15987 Medium Firefox is configured to allow JavaScript to hide or change the status bar.
V-15986 Medium Firefox is configured to allow JavaScript to disable or replace context menus.
V-15772 Medium Firefox not configured to prompt user before download and opening for required file types.
V-15773 Medium FireFox plug-in for ActiveX controls is installed.
V-15983 Medium Firefox must be configured to allow only TLS.
V-15771 Medium Network shell protocol is enabled in FireFox.
V-15989 Medium Firefox is not configured to provide warnings when a user switches from a secure (SSL-enabled) to a non-secure page.
V-15988 Medium Firefox is configured to allow JavaScript to change the status bar text.
V-15778 Medium FireFox is not configured to block pop-up windows.
V-15779 Medium FireFox is configured to allow JavaScript to move or resize windows.