FFOX-00-000024 - Firefox cryptomining protection must be enabled.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

The Content Blocking/Tracking Protection feature stops Firefox from loading content from malicious sites. The content might be a script or an image, for example. If a site is on one of the tracker lists that Firefox is set to use, the fingerprinting script (or other tracking script/image) will not be loaded from that site.

Cryptomining scripts use a computer's central processing unit to invisibly mine cryptocurrency.

Solution

Windows group policy:
1. Open the group policy editor tool with 'gpedit.msc'.
2. Navigate to Policy Path: Computer ConfigurationAdministrative TemplatesMozillaFirefoxTracking Protection
Policy Name: Cryptomining
Policy State: Enabled

macOS 'plist' file:
Add the following:
<key>EnableTrackingProtection</key>
<dict>
<key>Cryptomining</key>
<true/>
</dict>

Linux 'policies.json' file:
Add the following in the policies section:
'EnableTrackingProtection': {
'Cryptomining': true
}

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MOZ_Firefox_V6R2_STIG.zip

Item Details

References: CAT|II, CCI|CCI-000381, Rule-ID|SV-251568r807176_rule, STIG-ID|FFOX-00-000024, Vuln-ID|V-251568

Plugin: Unix

Control ID: b734d480b6f4cca4dd894bd0b1ff8faa10465c721ee6b87388cd1a8dc6835cf8