[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*


oval:org.secpod.oval:def:60305
New file types cannot be added directly to the helper applications or plugins listing. Files with these extensions will not be allowed to use Firefox publicly available plugins and extensions to open. The application will be configured to open these files using external applications only. After a he ...

oval:org.secpod.oval:def:60310
JavaScript can make changes to the browser's appearance. This activity can help disguise an attack taking place in a minimized background window. Set browser setting to prevent scripts on visited websites from moving and resizing browser windows.

oval:org.secpod.oval:def:60312
JavaScript can make changes to the browser's appearance. Allowing a website to use JavaScript to raise and lower browser windows may disguise an attack. Browser windows may not be set as active via JavaScript.

oval:org.secpod.oval:def:60317
Updates need to be controlled and installed from authorized and trusted servers. This setting overrides a number of other settings which may direct the application to access external URLs.

oval:org.secpod.oval:def:60308
Firefox can be set to store passwords for sites visited by the user. These individual passwords are stored in a file and can be protected by a master password. Autofill of the password can then be enabled when the site is visited. This feature could also be used to autofill the certificate pin which ...

oval:org.secpod.oval:def:60309
Popup windows may be used to launch an attack within a new browser window with altered settings. This setting blocks popup windows created while the page is loading.

oval:org.secpod.oval:def:60314
Use of versions of an application which are not supported by the vendor are not permitted. Vendors respond to security flaws with updates and patches. These updates are not available for unsupported version which can leave the application vulnerable to attack. t webpages will not be able to affect t ...

oval:org.secpod.oval:def:60313
A context menu (also known as a pop-up menu) is often used in a graphical user interface (GUI) and appears upon user interaction (e.g., a right mouse click). A context menu offers a limited set of choices that are available in the current state, or context, of the operating system or application. A ...

oval:org.secpod.oval:def:60302
When a web site asks for a certificate for user authentication, Firefox must be configured to have the user choose which certificate to present. Websites within DOD require user authentication for access which increases security for DoD information. Access will be denied to the user if certificate m ...

oval:org.secpod.oval:def:60319
There should be no background submission of technical and other information from DoD computers to Mozilla with portions posted publically.

oval:org.secpod.oval:def:60303
The default action for file types for which a plugin is installed is to automatically download and execute the file using the associated plugin. Firefox allows you to change the specified download action so that the file is opened with a selected external application or saved to disk instead. View t ...

oval:org.secpod.oval:def:60315
Set this to false to disable checking for updated versions of the Extensions/Themes. Automatic updates from untrusted sites puts the enclave at risk of attack and may override security settings.

oval:org.secpod.oval:def:60318
A browser extension is a program that has been installed into the browser which adds functionality to it. Where a plug-in interacts only with a web page and usually a third party external application (Flash, Adobe Reader) an extension interacts with the browser program itself. Extensions are not emb ...

oval:org.secpod.oval:def:60301
The DOD root certificate will ensure that the trust chain is established for server certificate issued from the DOD CA.

oval:org.secpod.oval:def:73123
A weak cipher is defined as an encryption/decryption algorithm that uses a key of insufficient length. Using an insufficient length for a key in an encryption/decryption algorithm opens up the possibility (or probability) that the encryption scheme could be broken.

oval:org.secpod.oval:def:73119
The Content Blocking/Tracking Protection feature stops Firefox from loading content from malicious sites. The content might be a script or an image, for example. If a site is on one of the tracker lists you set Firefox to use, then the fingerprinting script (or other tracking script/image) will not ...

oval:org.secpod.oval:def:73117
The Telemetry feature provides this capability by sending performance and usage info to Mozilla. As you use Firefox, Telemetry measures and collects non-personal information, such as performance, hardware, usage and customizations. It then sends this information to Mozilla on a daily basis and we us ...

oval:org.secpod.oval:def:73118
The Content Blocking/Tracking Protection feature stops Firefox from loading content from malicious sites. The content might be a script or an image, for example. If a site is on one of the tracker lists you set Firefox to use, then the fingerprinting script (or other tracking script/image) will not ...

oval:org.secpod.oval:def:73116
The Telemetry feature provides this capability by sending performance and usage info to Mozilla. As you use Firefox, Telemetry measures and collects non-personal information, such as performance, hardware, usage and customizations. It then sends this information to Mozilla on a daily basis and we us ...

oval:org.secpod.oval:def:73120
Tracking generally refers to content, cookies, or scripts that can collect your browsing data across multiple sites.

oval:org.secpod.oval:def:73121
The Recommended Extensions program will make it easier for users to discover extensions that have been reviewed for security, functionality, and user experience.

oval:org.secpod.oval:def:60320
Information needed by an attacker to begin looking for possible vulnerabilities in a web browser includes any information about the web browser and plug-ins or modules being used. When debugging or trace information is enabled in a production web browser, information about the web browser, such as w ...

oval:org.secpod.oval:def:60307
While on the internet, it may be possible for an attacker to view the saved password files and gain access to the user's accounts on various hosts.

oval:org.secpod.oval:def:60311
Use of versions prior to TLS 1.1 are not permitted. SSL 2.0 and SSL 3.0 contain a number of security flaws. These versions must be disabled in compliance with the Network Infrastructure and Secure Remote Computing STIGs.

oval:org.secpod.oval:def:60304
Although current versions of Firefox have this set to disabled by default, use of this option can be harmful. This would allow the browser to access the Windows shell. This could allow access to the underlying system. This check verifies that the default setting has not been changed.

oval:org.secpod.oval:def:60306
In order to protect privacy and sensitive data, Firefox provides the ability to configure Firefox such that data entered into forms is not saved. This mitigates the risk of a website gleaning private information from prefilled information.

CPE    1
cpe:/a:mozilla:firefox_rpm
CCE    25
CCE-94533-7
CCE-94539-4
CCE-94535-2
CCE-94531-1
...
*XCCDF
xccdf_org.secpod_benchmark_stig_FIREFOX

© SecPod Technologies