1) Applying the STIG on Windows is quite easy. However they fail to provide guidance on how to apply it on Linux. I hope this helps.

2) You will create two files; autoconfig.js and mozilla.cfg.

a) autoconfig.js is as follows. There must be two additional forward slashes at the start of the text below.

pref(“general.config.filename”, “mozilla.cfg”);
pref(“general.config.obscure_value”, 0);

b) mozilla.cfg is as follows. There must be two additional forward slashes at the start of the text below.

// SV-16707 – DTBF050
lockPref(“security.default_personal_cert”, “Ask Every Time”);
// SV-16710 – DTBF105
// SV-16711 – DTBF110
// SV-16713 – DTBF140
lockPref(“browser.formfill.enable”, false);
// SV-16714 – DTBF150
lockPref(“signon.autofillForms”, false);
// SV-16715 – DTBF160
lockPref(“signon.rememberSignons”, false);
// SV-16717 – DTBF180
lockPref(“dom.disable_window_open_feature.status”, true);
// SV-16718 – DTBF181
lockPref(“dom.disable_window_move_resize”, true);
// SV-16925 – DTBF030
lockPref(“security.enable_tls”, true);
// SV-16925 – DTBF030
lockPref(“security.tls.version.min”, 2);
// SV-16925 – DTBF030
lockPref(“security.tls.version.max”, 4);
// SV-16727 – DTBF182
lockPref(“dom.disable_window_flip”, true);
// SV-16928 – DTBF183
lockPref(“dom.event.contextmenu.enabled”, false);
// SV-21890 – DTBF085
lockPref(“browser.search.update”, false);
// SV-59603 – DTBF090
lockPref(“extensions.update.enabled”, false);
// SV-79381 – DTBF186
lockPref(“xpinstall.enabled”, false);
// SV-93759 – DTBF190
lockPref(“datareporting.policy.dataSubmissionEnabled”, false);
// SV-106633 – DTBF195
lockPref(“devtools.policy.disabled”, true);
// SV-111837 – DTBF200
lockPref(“toolkit.telemetry.enabled”, false);
// SV-111839 – DTBF205
lockPref(“toolkit.telemetry.archive.enabled”, false);
// SV-111841 – DTBF210
lockPref(“privacy.trackingprotection.fingerprinting.enabled”, true);
// SV-111843 – DTBF215
lockPref(“privacy.trackingprotection.cryptomining.enabled”, true);
// SV-111845 – DTBF220
lockPref(“browser.contentblocking.category”, “strict”);
// SV-111847 – DTBF225
lockPref(“extensions.htmlaboutaddons.recommendations.enabled”, false);
// SV-111849 – DTBF230
lockPref(“browser.newtabpage.activity-stream.enabled”, false);
// SV-111851 – DTBF235
lockPref(“security.ssl3.rsa_des_ede3_sha”, false);

3) At the console or via ssh, create the files in the Ubuntu locations.

> sudo vi /usr/lib/firefox/mozilla.cfg and paste the text shown above in 2b. There should be no extra space or line at the top or bottom of the text.
> sudo chmod 644 /usr/lib/firefox/mozilla.cfg

> sudo vi /usr/lib/firefox/defaults/pref/autoconfig.js and paste the text above in 2a. There should be no extra space or line at the top or bottom of the text.
> sudo chmod 644 /usr/lib/firefox/defaults/pref/autoconfig.js

4) Start Firefox. In the location bar, enter about:config. In the search field enter plugin. and you will see that plugin.disable_full_page_plugin_for_types is grayed out with a lock icon to the left. Try any other from the mozilla.cfg list and they should be the same.ffox_lock