UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Mozilla Firefox Security Technical Implementation Guide


Overview

Date Finding Count (27)
2020-12-10 CAT I (High): 1 CAT II (Med): 25 CAT III (Low): 1
STIG Description
This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Available Profiles



Findings (MAC II - Mission Support Classified)

Finding ID Severity Title
V-223151 High Installed version of Firefox unsupported.
V-223168 Medium Background submission of information to Mozilla must be disabled.
V-223165 Medium Firefox is configured to allow JavaScript to raise or lower windows.
V-223164 Medium FireFox is configured to allow JavaScript to move or resize windows.
V-223167 Medium Extensions install must be disabled.
V-223166 Medium Firefox is configured to allow JavaScript to disable or replace context menus.
V-223161 Medium Firefox is configured to autofill passwords.
V-223160 Medium Firefox formfill assistance option is disabled.
V-223163 Medium FireFox is not configured to block pop-up windows.
V-223162 Medium FireFox is configured to use a password store with or without a master password.
V-223179 Medium The DOD Root Certificate is not installed.
V-223172 Medium Fingerprinting protection must be enabled.
V-223173 Medium Cryptomining protection must be enabled.
V-223170 Medium Telemetry must be disabled.
V-223171 Medium Telemetry archive must be disabled.
V-223177 Medium Deprecated ciphers must be disabled.
V-223174 Medium Enhanced Tracking Protection must be enabled.
V-223175 Medium Extension recommendations must be disabled.
V-223154 Medium Firefox automatically checks for updated version of installed Search plugins.
V-223155 Medium Firefox automatically updates installed add-ons and plugins.
V-223156 Medium Firefox automatically executes or downloads MIME types which are not authorized for auto-download.
V-223157 Medium Network shell protocol is enabled in FireFox.
V-223152 Medium Firefox must be configured to allow only TLS.
V-223153 Medium FireFox is configured to ask which certificate to present to a web site when a certificate is required.
V-223158 Medium Firefox is not configured to prompt a user before downloading and opening required file types.
V-223159 Medium FireFox plug-in for ActiveX controls is installed.
V-223169 Low Firefox Development Tools Must Be Disabled.