Firefox must be configured to disable the installation of extensions.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-251557	FFOX-00-000013	SV-251557r807143_rule		Medium

Description
A browser extension is a program that has been installed into the browser to add functionality. Where a plug-in interacts only with a web page and usually a third-party external application (e.g., Flash, Adobe Reader), an extension interacts with the browser program itself. Extensions are not embedded in web pages and must be downloaded and installed in order to work. Extensions allow browsers to avoid restrictions that apply to web pages. For example, an extension can be written to combine data from multiple domains and present it when a certain page is accessed, which can be considered cross-site scripting. If a browser is configured to allow unrestricted use of extensions, plug-ins can be loaded and installed from malicious sources and used on the browser.

Description

A browser extension is a program that has been installed into the browser to add functionality. Where a plug-in interacts only with a web page and usually a third-party external application (e.g., Flash, Adobe Reader), an extension interacts with the browser program itself. Extensions are not embedded in web pages and must be downloaded and installed in order to work. Extensions allow browsers to avoid restrictions that apply to web pages. For example, an extension can be written to combine data from multiple domains and present it when a certain page is accessed, which can be considered cross-site scripting. If a browser is configured to allow unrestricted use of extensions, plug-ins can be loaded and installed from malicious sources and used on the browser.

STIG	Date
Mozilla Firefox Security Technical Implementation Guide	2021-12-01

Details

Check Text ( C-54992r807141_chk )
Type "about:policies" in the browser address bar. If "InstallAddonsPermission" is not displayed under Policy Name or the Policy Value is not "Default" "false", this is a finding.

Fix Text (F-54946r807142_fix)
Windows group policy: 1. Open the group policy editor tool with "gpedit.msc". 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Mozilla\Firefox\Addons Policy Name: Allow add-on installs from websites Policy State: Disabled macOS "plist" file: Add the following: InstallAddonsPermission Linux "policies.json" file: Add the following in the policies section: "InstallAddonsPermission": false

Fix Text (F-54946r807142_fix)

Windows group policy:
1. Open the group policy editor tool with "gpedit.msc".
2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Mozilla\Firefox\Addons
Policy Name: Allow add-on installs from websites
Policy State: Disabled

macOS "plist" file:
Add the following:
InstallAddonsPermission

Linux "policies.json" file:
Add the following in the policies section:
"InstallAddonsPermission": false