1) Applying the STIG on Windows is quite easy. However they fail to provide guidance on how to apply it on Linux. I hope this helps.
2) You will create two files; autoconfig.js and mozilla.cfg.
a) autoconfig.js is as follows. There must be two additional forward slashes at the start of the text below.
//
pref(“general.config.filename”, “mozilla.cfg”);
pref(“general.config.obscure_value”, 0);
b) mozilla.cfg is as follows. There must be two additional forward slashes at the start of the text below.
//
// SV-16707 – DTBF050
lockPref(“security.default_personal_cert”, “Ask Every Time”);
// SV-16710 – DTBF105
lockPref(“network.protocol-handler.external.shell”,false);
// SV-16711 – DTBF110
lockPref(“plugin.disable_full_page_plugin_for_types”,”application/pdf,application/fdf,application/xfdf,application/lso,application/lss,application/iqy,application/rqy,application/lsl,application/xlk,application/xls,application/xlt,application/pot,application/pps,application/ppt,application/dos,application/dot,application/wks,application/bat,application/ps,application/eps,application/wch,application/wcm,application/wb1,application/wb3,application/rtf,application/doc,application/mdb,application/mde,application/wbk,application/ad,application/adp”);
// SV-16713 – DTBF140
lockPref(“browser.formfill.enable”, false);
// SV-16714 – DTBF150
lockPref(“signon.autofillForms”, false);
// SV-16715 – DTBF160
lockPref(“signon.rememberSignons”, false);
// SV-16717 – DTBF180
lockPref(“dom.disable_window_open_feature.status”, true);
// SV-16718 – DTBF181
lockPref(“dom.disable_window_move_resize”, true);
// SV-16925 – DTBF030
lockPref(“security.enable_tls”, true);
// SV-16925 – DTBF030
lockPref(“security.tls.version.min”, 2);
// SV-16925 – DTBF030
lockPref(“security.tls.version.max”, 4);
// SV-16727 – DTBF182
lockPref(“dom.disable_window_flip”, true);
// SV-16928 – DTBF183
lockPref(“dom.event.contextmenu.enabled”, false);
// SV-21890 – DTBF085
lockPref(“browser.search.update”, false);
// SV-59603 – DTBF090
lockPref(“extensions.update.enabled”, false);
// SV-79381 – DTBF186
lockPref(“xpinstall.enabled”, false);
// SV-93759 – DTBF190
lockPref(“datareporting.policy.dataSubmissionEnabled”, false);
// SV-106633 – DTBF195
lockPref(“devtools.policy.disabled”, true);
// SV-111837 – DTBF200
lockPref(“toolkit.telemetry.enabled”, false);
// SV-111839 – DTBF205
lockPref(“toolkit.telemetry.archive.enabled”, false);
// SV-111841 – DTBF210
lockPref(“privacy.trackingprotection.fingerprinting.enabled”, true);
// SV-111843 – DTBF215
lockPref(“privacy.trackingprotection.cryptomining.enabled”, true);
// SV-111845 – DTBF220
lockPref(“browser.contentblocking.category”, “strict”);
// SV-111847 – DTBF225
lockPref(“extensions.htmlaboutaddons.recommendations.enabled”, false);
// SV-111849 – DTBF230
lockPref(“browser.newtabpage.activity-stream.enabled”, false);
// SV-111851 – DTBF235
lockPref(“security.ssl3.rsa_des_ede3_sha”, false);
3) At the console or via ssh, create the files in the Ubuntu locations.
> sudo vi /usr/lib/firefox/mozilla.cfg and paste the text shown above in 2b. There should be no extra space or line at the top or bottom of the text.
> sudo chmod 644 /usr/lib/firefox/mozilla.cfg
> sudo vi /usr/lib/firefox/defaults/pref/autoconfig.js and paste the text above in 2a. There should be no extra space or line at the top or bottom of the text.
> sudo chmod 644 /usr/lib/firefox/defaults/pref/autoconfig.js
4) Start Firefox. In the location bar, enter about:config. In the search field enter plugin. and you will see that plugin.disable_full_page_plugin_for_types is grayed out with a lock icon to the left. Try any other from the mozilla.cfg list and they should be the same.
Thank you, friend. Saved my day.
Very helpful, thank you very much for taking the time to share this information. Kudos!