UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Firefox application is set to auto-update.


Overview

Finding ID Version Rule ID IA Controls Severity
V-19741 DTBF080 SV-21887r3_rule Medium
Description
Allowing software updates from non-trusted sites can introduce settings that will override a secured installation of the application. This can place DoD information at risk. If this setting is enabled, then there are many other default settings which point to untrusted sites which must be changed to point to an authorized update site that is not publicly accessible.
STIG Date
Mozilla Firefox Security Technical Implementation Guide 2018-09-17

Details

Check Text ( C-24187r3_chk )
Type "about:config" in the browser window.

Verify that:

1. The preference name "app.update.enabled" is set to ”true” and locked.

2. Verify that "app.update.url", "app.update.url.details", and "app.update.url.manual" contain url information that point to a trusted internal server or the default setting of “Mozilla.com” or “Mozilla.org”.

Criteria: If the parameter is set incorrectly, this is a finding.

If this setting is not locked, this is a finding.
Fix Text (F-20414r4_fix)
Ensure the preference "app.update.enable" is set and locked to the value of “True” or that a trusted server is used.