Firefox must be configured to not delete data upon shutdown.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-252881 | FFOX-00-000017 | SV-252881r820757_rule | Medium |
| Description |
|---|
| For diagnostic purposes, data must remain behind when the browser is closed. This is required to meet non-repudiation controls. |
| STIG | Date |
|---|---|
| Mozilla Firefox Security Technical Implementation Guide | 2022-09-09 |
Details
| Check Text ( C-56337r820755_chk ) |
|---|
| Type "about:policies" in the browser address bar. If "SanitizeOnShutdown" is not displayed under Policy Name or the Policy Value does not have {"Cache":false,"Cookies":false,"Downloads":false,"FormData":false,"Sessions":false,"History":false,"OfflineApps":false,"SiteSettings":false,"Locked":true}, this is a finding. |
| Fix Text (F-56287r820756_fix) |
|---|
| Windows group policy: 1. Open the group policy editor tool with "gpedit.msc". 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Mozilla\Firefox\Clear data when browser is closed Policy Name: Cache, Cookies, Download History, Form & Search History, Browsing History, Active Logins, Site Preferences, Offline Website Data Policy State: Disabled Policy Name: Locked Policy State: Enabled macOS "plist" file: Add the following: Linux "policies.json" file: Add the following in the policies section: "SanitizeOnShutdown": { "Cache": false, "Cookies": false, "Downloads": false, "FormData": false, "History": false, "Sessions": false, "SiteSettings": false, "OfflineApps": false, "Locked": true } |