This Firefox STIG leaves out important details. They could make it very simple to implement but they don’t.  For more, see: http://kb.mozillazine.org/About:config

1) Create a file called local-settings.js and add one line:
pref(“general.config.filename”,”mozilla.cfg”);

2) Place local-settings.js in:

c:\<firefox path>\defaults\pref folder.

3) Create a file called mozilla.txt. Add the text below (everything under contents of mozilla.txt).  Launch Firefox and browse to:
http://www.alain.knaff.lu/howto/MozillaCustomization/cgi/byteshf.cgi

4) View the middle of the page. Under Upload mozilla.txt to get mozilla.cfg (byteshift 13), click browse, select your mozilla.txt file. Next, click Convert mozilla.txt to mozilla.cfg, save the file when prompted and place it in c:\<firefox path>\Mozilla Firefox\.

Contents of mozilla.txt:

//Firefox Settings
lockPref(“security.tls.version.min”, 1);
lockPref(“security.default_personal_cert”, “Ask Every Time”);
lockPref(“network.protocol-handler.external.shell”, false);
lockPref(“plugin.disable_full_page_plugin_for_types”, “application/pdf,application/fdf,application/xfdf,application/lsl,application/lso,application/lss,application/iqy,application/rqy,application/xlk,application/xls,application/xlt,application/pot,application/pps,application/ppt,application/dos,application/dot,application/wks,application/bat,application/ps,application/eps,application/wch,application/wcm,application/wb1,application/wb3,application/rtf,application/doc,application/mdb,application/mde,application/ad,application/,application/adp”);
lockPref(“browser.formfill.enable”, false);
lockPref(“signon.autofillForms”, false);
lockPref(“signon.rememberSignons”, false);
lockPref(“privacy.sanitize.sanitizeOnShutdown”, true);
lockPref(“dom.disable_window_open_feature.status”, true);
lockPref(“dom.disable_window_move_resize”, true);
lockPref(“security.tls.version.max”, 3);
lockPref(“dom.disable_window_flip”, true);
lockPref(“dom.event.contextmenu.enabled”, false);
lockPref(“dom.disable_window_status_change”, true);
lockPref(“dom.disable_window_open_feature.status”, true);
lockPref(“browser.startup.homepage”, “about:home”);
lockPref(“app.update.enabled”, false);
lockPref(“extensions.update.enabled”, false);
lockPref(“browser.search.update”, false);
// The end

This is a quick post to show you how to enable legacy SSL and Java SSL support in your browser for those old, crusty websites and applications you have in your organization. Note that this should not be done on Internet facing systems. Only offline or systems that are not routed to the Internet should implement these changes.

1) Launch Firefox. Type about:config in the location bar.
2) In the search bar that comes up, enter: security.tls.version.min. Double-click on the entry that appears and change the value to 0.
3) Do the same for security.tls.version.fallback-limit.
4) Try to connect to your site. It should now work for you.

Enable SSL in Java (it has been disabled for a few rev’s now)
1) Open Windows explorer and browse to either (or both if you have x32/x64 bit Java installed):

C:\Program Files (x86)\Java\jre1.8.0_45\lib\security
C:\Program Files\Java\jre1.8.0_45\lib\security

2) Double-click the file named java.security. You will be prompted to select a program to open the file. Choose select a program from a list of installed programs and click OK. Choose either Wordpad or notepad.

3) Scroll down to the bottom of the file. You should see:
jdk.tls.disabledAlgorithms=SSLv3

4) Change this by back-spacing over SSLv3 and save the file so it looks like:
jdk.tls.disabledAlgorithms=

You should now be able to access legacy sites with Java SSL support.