STIGQter: STIG Summary: Mozilla Firefox Security Technical Implementation Guide Version: 5 Release: 1 Benchmark Date: 22 Jan 2021:

Extensions install must be disabled.

DISA Rule

SV-223167r612236_rule

Vulnerability Number

V-223167

Group Title

SRG-APP-000141

Rule Version

DTBF186

Severity

CAT II

CCI(s)

• CCI-000381 - The organization configures the information system to provide only essential capabilities.

Weight

10

Fix Recommendation

Set the preference “xpinstall.enabled” to “false” and lock using the “mozilla.cfg” file. The “mozilla.cfg” file may need to be created if it does not already exist.

Check Contents

Open a browser window, type "about:config" in the address bar, then navigate to the setting for Preference Name "xpinstall.enabled" and set the value to “false” and locked.

Criteria: If the value of “xpinstall.enabled” is “false”, this is not a finding.

If the value is locked, this is not a finding.

Vulnerability Number

V-223167

Documentable

False

Rule Version

DTBF186

Severity Override Guidance

Open a browser window, type "about:config" in the address bar, then navigate to the setting for Preference Name "xpinstall.enabled" and set the value to “false” and locked.

Criteria: If the value of “xpinstall.enabled” is “false”, this is not a finding.

If the value is locked, this is not a finding.

Check Content Reference

M

Target Key

4097

Comments