STIGhubSTIGhub
STIGsSearchCompareAbout

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • VPAT
  • DISA STIG Library
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to STIGs

Mozilla Firefox Security Technical Implementation Guide

Version

V6R7

Benchmark ID

MOZ_Firefox_STIG

Total Checks

34

Tags

application
CAT I: 2CAT II: 30CAT III: 2

This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Export CKLExport CSVExport JSON

Checks (34)

V-251545HIGHThe installed version of Firefox must be supported.V-251546HIGHFirefox must be configured to allow only TLS 1.2 or above.V-251547MEDIUMFirefox must be configured to ask which certificate to present to a website when a certificate is required.V-251548MEDIUMFirefox must be configured to not automatically check for updated versions of installed search plugins.V-251549MEDIUMFirefox must be configured to not automatically update installed add-ons and plugins.V-251550MEDIUMFirefox must be configured to not automatically execute or download MIME types that are not authorized for auto-download.V-251551MEDIUMFirefox must be configured to disable form fill assistance.V-251552MEDIUMFirefox must be configured to not use a password store with or without a master password.V-251553MEDIUMFirefox must be configured to block pop-up windows.V-251554MEDIUMFirefox must be configured to prevent JavaScript from moving or resizing windows.V-251555MEDIUMFirefox must be configured to prevent JavaScript from raising or lowering windows.V-251557MEDIUMFirefox must be configured to disable the installation of extensions.V-251558MEDIUMBackground submission of information to Mozilla must be disabled.V-251559LOWFirefox development tools must be disabled.V-251560MEDIUMFirefox must have the DOD root certificates installed.V-251562MEDIUMFirefox must prevent the user from quickly deleting data.V-251563MEDIUMFirefox private browsing must be disabled.V-251564MEDIUMFirefox search suggestions must be disabled.V-251565LOWFirefox autoplay must be disabled.V-251566MEDIUMFirefox network prediction must be disabled.V-251567MEDIUMFirefox fingerprinting protection must be enabled.V-251568MEDIUMFirefox cryptomining protection must be enabled.V-251569MEDIUMFirefox Enhanced Tracking Protection must be enabled.V-251570MEDIUMFirefox extension recommendations must be disabled.V-251571MEDIUMFirefox deprecated ciphers must be disabled.V-251572MEDIUMFirefox must not recommend extensions as the user is using the browser.V-251573MEDIUMThe Firefox New Tab page must not show Top Sites, Sponsored Top Sites, Pocket Recommendations, Sponsored Pocket Stories, Searches, Highlights, or Snippets.V-251577MEDIUMFirefox must be configured so that DNS over HTTPS is disabled.V-251578MEDIUMFirefox accounts must be disabled.V-251580MEDIUMFirefox feedback reporting must be disabled.V-251581MEDIUMFirefox encrypted media extensions must be disabled.V-252881MEDIUMFirefox must be configured to not delete data upon shutdown.V-252908MEDIUMPocket must be disabled.V-252909MEDIUMFirefox Studies must be disabled.