Detections
Analytics
FFOX-00-000008 - Firefox must be configured to not use a password store with or without a master password.
Information
Firefox can be set to store passwords for sites visited by the user. These individual passwords are stored in a file and can be protected by a master password. Autofill of the password can then be enabled when the site is visited. This feature could also be used to autofill the certificate PIN, which could lead to compromise of DoD information.Solution
Windows group policy:1. Open the group policy editor tool with 'gpedit.msc'.
2. Navigate to Policy Path: Computer ConfigurationAdministrative TemplatesMozillaFirefox
Policy Name: PasswordManager
Policy State: Disabled
macOS 'plist' file:
Add the following:
<key>PasswordManagerEnabled</key>
<false/>
Linux 'policies.json' file:
Add the following in the policies section:
'PasswordManagerEnabled': false
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MOZ_Firefox_V6R7_STIG.zip
Item Details
Audit Name: DISA STIG Mozilla Firefox MacOS v6r7
Category: CONFIGURATION MANAGEMENT
References: 800-53|CM-7a., CAT|II, CCI|CCI-000381, Rule-ID|SV-251552r960963_rule, STIG-ID|FFOX-00-000008, Vuln-ID|V-251552
Plugin: Unix
Control ID: 0d8fe67186f969488f5b43e376452455d11aa59acf10cbdec074c519607ec249