Group
Guide to the Secure Configuration of Firefox
Group contains 1 group and 9 rules |
Group
Firefox
Group contains 9 rules |
[ref]
Firefox is an open-source web browser and developed by Mozilla.
Web browsers such as Firefox are used for a number of reasons. This section
provides settings for configuring Firefox policies to meet compliance
settings for Firefox running on Red Hat Enterprise Linux systems.
|
Rule
Firefox autoplay must be disabled.
[ref] | Audio/Video autoplay may be disabled in an administrative policy by setting
the Default key under Permissions , Autoplay to "block-audio-video" . | Rationale: | Autoplay allows the user to control whether videos can play automatically (without user consent) with audio content. The user must be able to select content that is run within the browser window. | Severity: | medium | Rule ID: | xccdf_org.ssgproject.content_rule_firefox_policy-autoplay_video | References: | | |
|
Rule
Ensure the Content Blocker uBlock Origin is Installed
[ref] | The uBlock Origin will be installed automatically by configuring Firefox policy, and updates will be enabled. It can also be installed through the Mozilla Add-Ons store at https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/. | Rationale: | The content blocking feature of uBlock Origin stops Firefox from loading content from malicious sites. The content might be a script or an image, for example. If a site is on one of the lists uBlock Origin uses, then the content will not be loaded from that site.
This may prevent malicious ads from confusing users and concealing the page contents, as well as the loading of content that may contain malware. | Severity: | medium | Rule ID: | xccdf_org.ssgproject.content_rule_firefox_policy-content_blocker | |
|
Rule
Enabled Firefox Cryptomining protection
[ref] | Cryptomining protection may be enabled by setting
privacy.trackingprotection.cryptomining.enabled to true . | Rationale: | The Content Blocking/Tracking Protection feature stops Firefox from loading content from malicious sites. The content might be a script or an image, for example. If a site is on one of the tracker lists you set Firefox to use, then the fingerprinting script (or other tracking script/image) will not be loaded from that site.
Cryptomining scripts use your computer’s central processing unit (CPU) to invisibly mine cryptocurrency. | Severity: | medium | Rule ID: | xccdf_org.ssgproject.content_rule_firefox_policy-cryptomining | References: | | |
|
Rule
Enabled Firefox Enhanced Tracking Protection
[ref] | Enhanced Tracking Protection may be enabled by setting
browser.contentblocking.category to strict . | Rationale: | Tracking generally refers to content, cookies, or scripts that can collect your browsing data across multiple sites. | Severity: | medium | Rule ID: | xccdf_org.ssgproject.content_rule_firefox_policy-enhanced_tracking | References: | | |
|
Rule
Enabled Firefox Fingerprinting Protection
[ref] | Fingerprinting protection may be enabled by setting
Fingerprinting to true under EnableTrackingProtection
in the policies file. | Rationale: | The Content Blocking/Tracking Protection feature stops Firefox from loading content from malicious sites. The content might be a script or an image, for example. If a site is on one of the tracker lists you set Firefox to use, then the fingerprinting script (or other tracking script/image) will not be loaded from that site.
Fingerprinting scripts collect information about your browser and device configuration, such as your operating system, screen resolution, and other settings. By compiling these pieces of data, fingerprinters create a unique profile of you that can be used to track you around the Web. | Severity: | medium | Rule ID: | xccdf_org.ssgproject.content_rule_firefox_policy-fingerprinting_protection | References: | | |
|
Rule
Disable JavaScript's Raise Or Lower Windows Capability
[ref] | JavaScript can configure and make changes to the web browser's appearance by
specifically raising and lowering windows. This can be disabled by
setting dom.disable_window_flip to true in the policy file. | Rationale: | JavaScript can make changes to the browser’s appearance. Allowing a website
to use JavaScript to raise and lower browser windows may disguise an attack. | Severity: | medium | Rule ID: | xccdf_org.ssgproject.content_rule_firefox_policy-javascript_window_changes | References: | | |
|
Rule
Disable JavaScript's Moving Or Resizing Windows Capability
[ref] | JavaScript can configure and make changes to the web browser's appearance by
specifically moving and resizing browser windows. This can be disabled by
setting dom.disable_window_move_resize to true in the policy file. | Rationale: | JavaScript can make changes to the browser’s appearance. This activity
can help disguise an attack taking place in a minimized background window. | Severity: | medium | Rule ID: | xccdf_org.ssgproject.content_rule_firefox_policy-javascript_window_resizing | References: | | |
|
Rule
Enable Firefox Pop-up Blocker
[ref] | The pop-up blocker can be enabled by setting
Default key under PopupBlocking to true in policies.json .
Allowed may be set to a list of sites allowed to use popups. | Rationale: | Popup windows may be used to launch an attack within a new browser window
with altered settings. | Severity: | medium | Rule ID: | xccdf_org.ssgproject.content_rule_firefox_policy-pop-up_windows | References: | | |
|
Rule
Firefox must be configured to allow only TLS 1.2 or above.
[ref] | Firefox may be configured via administrative policy to allow TLS 1.2 at minimum
by setting SSLVersionMin to tls1.2 . | Rationale: | Use of versions prior to TLS 1.2 are not permitted. SSL 2.0 and SSL 3.0 contain a number of security flaws.
These versions must be disabled in compliance with the Network Infrastructure and Secure Remote Computing STIGs. | Severity: | medium | Rule ID: | xccdf_org.ssgproject.content_rule_firefox_policy-ssl_minimum_version | References: | | |
|