Firefox extension recommendations must be disabled.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-251570	FFOX-00-000026	SV-251570r820759_rule		Medium

Description
The Recommended Extensions program makes it easier for users to discover extensions that have been reviewed for security, functionality, and user experience. Allowed extensions are to be centrally managed.

STIG	Date
Mozilla Firefox Security Technical Implementation Guide	2022-09-09

Details

Check Text ( C-55005r807180_chk )
Type "about:policies" in the browser address bar. If "extensions.htmlaboutaddons.recommendations.enabled" is not displayed with a value of "false", this is a finding.

Fix Text (F-54959r820758_fix)
Windows group policy: 1. Open the group policy editor tool with "gpedit.msc". 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Mozilla\Firefox\ Policy Name: Preferences Policy State: Enabled Policy Value: { "extensions.htmlaboutaddons.recommendations.enabled": { "Value": false, "Status": "locked" } } macOS "plist" file: Add the following: Preferences extensions.htmlaboutaddons.recommendations.enabled Value Status locked Linux "policies.json" file: Add the following in the policies section: "Preferences": { "extensions.htmlaboutaddons.recommendations.enabled": { "Value": false, "Status": "locked" },

Fix Text (F-54959r820758_fix)

Windows group policy:
1. Open the group policy editor tool with "gpedit.msc".
2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Mozilla\Firefox\
Policy Name: Preferences
Policy State: Enabled
Policy Value:
{
"extensions.htmlaboutaddons.recommendations.enabled": {
"Value": false,
"Status": "locked"
}
}

macOS "plist" file:
Add the following:
Preferences

extensions.htmlaboutaddons.recommendations.enabled

Value

Status
locked

Linux "policies.json" file:
Add the following in the policies section:
"Preferences": {
"extensions.htmlaboutaddons.recommendations.enabled": {
"Value": false,
"Status": "locked"
},