UCF STIG Viewer Logo

Mozilla Firefox Security Technical Implementation Guide


Overview

Date Finding Count (27)
2021-06-09 CAT I (High): 1 CAT II (Med): 25 CAT III (Low): 1
STIG Description
This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Available Profiles



Findings (MAC III - Administrative Sensitive)

Finding ID Severity Title
V-223151 High Installed version of Firefox unsupported.
V-223168 Medium Background submission of information to Mozilla must be disabled.
V-223165 Medium Firefox is configured to allow JavaScript to raise or lower windows.
V-223164 Medium FireFox is configured to allow JavaScript to move or resize windows.
V-223167 Medium Extensions install must be disabled.
V-223166 Medium Firefox is configured to allow JavaScript to disable or replace context menus.
V-223161 Medium Firefox is configured to autofill passwords.
V-223160 Medium Firefox formfill assistance option is disabled.
V-223163 Medium FireFox is not configured to block pop-up windows.
V-223162 Medium FireFox is configured to use a password store with or without a master password.
V-223179 Medium The DOD Root Certificate is not installed.
V-223172 Medium Fingerprinting protection must be enabled.
V-223173 Medium Cryptomining protection must be enabled.
V-223170 Medium Telemetry must be disabled.
V-223171 Medium Telemetry archive must be disabled.
V-223177 Medium Deprecated ciphers must be disabled.
V-223174 Medium Enhanced Tracking Protection must be enabled.
V-223175 Medium Extension recommendations must be disabled.
V-223154 Medium Firefox automatically checks for updated version of installed Search plugins.
V-223155 Medium Firefox automatically updates installed add-ons and plugins.
V-223156 Medium Firefox automatically executes or downloads MIME types which are not authorized for auto-download.
V-223157 Medium Network shell protocol is enabled in FireFox.
V-223152 Medium Firefox must be configured to allow only TLS.
V-223153 Medium FireFox is configured to ask which certificate to present to a web site when a certificate is required.
V-223158 Medium Firefox is not configured to prompt a user before downloading and opening required file types.
V-223159 Medium FireFox plug-in for ActiveX controls is installed.
V-223169 Low Firefox Development Tools Must Be Disabled.