STIGQter STIGQter: STIG Summary: Mozilla FireFox Security Technical Implementation Guide Version: 4 Release: 28 Benchmark Date: 24 Jan 2020: Extensions install must be disabled.

DISA Rule

SV-79381r3_rule

Vulnerability Number

V-64891

Group Title

DTBF186 - Extensions

Rule Version

DTBF186

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Set the preference “xpinstall.enabled” to “false” and lock using the “mozilla.cfg” file. The “mozilla.cfg” file may need to be created if it does not already exist.

Check Contents

Open a browser window, type "about:config" in the address bar, then navigate to the setting for Preference Name "xpinstall.enabled" and set the value to “false” and locked.

Criteria: If the value of “xpinstall.enabled” is “false”, this is not a finding.

If the value is locked, this is not a finding.

Vulnerability Number

V-64891

Documentable

False

Rule Version

DTBF186

Severity Override Guidance

Open a browser window, type "about:config" in the address bar, then navigate to the setting for Preference Name "xpinstall.enabled" and set the value to “false” and locked.

Criteria: If the value of “xpinstall.enabled” is “false”, this is not a finding.

If the value is locked, this is not a finding.

Check Content Reference

M

Responsibility

System Administrator

Target Key

205

Comments