Details

Firefox by default sends information about Firefox to Mozilla servers. There should be no background submission of technical and other information from DoD computers to Mozilla with portions posted publicly.

Solution

Windows group policy:
1. Open the group policy editor tool with ‘gpedit.msc’.
2. Navigate to Policy Path: Computer ConfigurationAdministrative TemplatesMozillaFirefox
Policy Name: Disable Telemetry
Policy State: Enabled

macOS ‘plist’ file:
Add the following:
DisableTelemetry

Linux ‘policies.json’ file:
Add the following in the policies section:
‘DisableTelemetry’: true

Supportive Information

The following resource is also helpful.

• https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MOZ_Firefox_V6R1_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Unix.

References

• 800-53|CM-7a.
• CAT|II
• CCI|CCI-000381
• Rule-ID|SV-251558r807146_rule
• STIG-ID|FFOX-00-000014
• Vuln-ID|V-251558

Source

• Tenable.com/audits