Select any old version/release of this SCAP to view the previous requirements
Windows group policy: 1. Open the group policy editor tool with "gpedit.msc". 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Mozilla\Firefox\ Policy Name: Minimum SSL version enabled Policy State: Enabled Policy Value: TLS 1.2 (or TLS 1.3) macOS "plist" file: Add the following: <key>SSLVersionMin</key> <string>tls1.2</string> (or <string>tls1.3</string>) Linux "policies.json" file: Add the following in the policies section: "SSLVersionMin": "tls1.2" or ("SSLVersionMin": "tls1.3")
Windows group policy: 1. Open the group policy editor tool with "gpedit.msc". 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Mozilla\Firefox\ Policy Name: Preferences Policy State: Enabled Policy Value: { "security.default_personal_cert": { "Value": "Ask Every Time", "Status": "locked" } } macOS "plist" file: Add the following: <key>Preferences</key> <dict> <key>security.default_personal_cert</key> <dict> <key>Value</key> <string>Ask Every Time</string> <key>Status</key> <string>locked</string> </dict> </dict> Linux "policies.json" file: Add the following in the policies section: "Preferences": { "security.default_personal_cert": { "Value": "Ask Every Time", "Status": "locked" } }
Windows group policy: 1. Open the group policy editor tool with "gpedit.msc". 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Mozilla\Firefox\ Policy Name: Preferences Policy State: Enabled Policy Value: { "browser.search.update": { "Value": false, "Status": "locked" } } macOS "plist" file: Add the following: <key>Preferences</key> <dict> <key>browser.search.update</key> <dict> <key>Value</key> <false/> <key>Status</key> <string>locked</string> </dict> </dict> Linux "policies.json" file: Add the following in the policies section: "Preferences": { "browser.search.update": { "Value": false, "Status": "locked" } }
Windows group policy: 1. Open the group policy editor tool with "gpedit.msc". 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Mozilla\Firefox\Extensions Policy Name: Extension Update Policy State: Disabled macOS "plist" file: Add the following: <key>ExtensionUpdate</key> <false/> Linux "policies.json" file: Add the following in the policies section: "ExtensionUpdate": false
Windows group policy: 1. Open the group policy editor tool with "gpedit.msc". 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Mozilla\Firefox Policy Name: Disable Form History Policy State: Enabled macOS "plist" file: Add the following: <key>DisableFormHistory</key> <true/> Linux "policies.json" file: Add the following in the policies section: "DisableFormHistory": true
Windows group policy: 1. Open the group policy editor tool with "gpedit.msc". 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Mozilla\Firefox Policy Name: PasswordManager Policy State: Disabled macOS "plist" file: Add the following: <key>PasswordManagerEnabled</key> <false/> Linux "policies.json" file: Add the following in the policies section: "PasswordManagerEnabled": false
Windows group policy: 1. Open the group policy editor tool with "gpedit.msc". 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Mozilla\Firefox\Popups Policy Name: Block pop-ups from websites Policy State: Enabled Policy Name: Do not allow preferences to be changed Policy State: Enabled Optional: Policy Name: Allowed Sites Policy State: Enabled Click "Show..." and enter a list of websites to be allowlisted. macOS "plist" file: Add the following: <key>PopupBlocking</key> <dict> <key>Allow</key> <array> <string>http://example.mil</string> <string>http://example.gov</string> </array> <key>Default</key> <true/> <key>Locked</key> <true/> </dict> Linux "policies.json" file: Add the following in the policies section: "PopupBlocking": { "Allow": ["http://example.mil/", "http://example.gov/"], "Default": true, "Locked": true
Windows group policy: 1. Open the group policy editor tool with "gpedit.msc". 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Mozilla\Firefox\ Policy Name: Preferences Policy State: Enabled Policy Value: { "dom.disable_window_move_resize": { "Value": true, "Status": "locked" } } macOS "plist" file: Add the following: <key>Preferences</key> <dict> <key>dom.disable_window_move_resize</key> <dict> <key>Value</key> <true/> <key>Status</key> <string>locked</string> </dict> </dict> Linux "policies.json" file: Add the following in the policies section: "Preferences": { "dom.disable_window_move_resize": { "Value": true, "Status": "locked" } }
Windows group policy: 1. Open the group policy editor tool with "gpedit.msc". 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Mozilla\Firefox\ Policy Name: Preferences Policy State: Enabled Policy Value: { "dom.disable_window_flip": { "Value": true, "Status": "locked" } } macOS "plist" file: Add the following: <key>Preferences</key> <dict> <key>dom.disable_window_flip</key> <dict> <key>Value</key> <true/> <key>Status</key> <string>locked</string> </dict> </dict> Linux "policies.json" file: Add the following in the policies section: "Preferences": { "dom.disable_window_flip": { "Value": true, "Status": "locked" } }
Windows group policy: 1. Open the group policy editor tool with "gpedit.msc". 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Mozilla\Firefox\Addons Policy Name: Allow add-on installs from websites Policy State: Disabled macOS "plist" file: Add the following: <key>InstallAddonsPermission</key> <false/> Linux "policies.json" file: Add the following in the policies section: "InstallAddonsPermission": { "Default": false }
Windows group policy: 1. Open the group policy editor tool with "gpedit.msc". 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Mozilla\Firefox Policy Name: Disable Telemetry Policy State: Enabled macOS "plist" file: Add the following: <key>DisableTelemetry</key> <true/> Linux "policies.json" file: Add the following in the policies section: "DisableTelemetry": true
Windows group policy: 1. Open the group policy editor tool with "gpedit.msc". 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Mozilla\Firefox Policy Name: Disable Developer Tools Policy State: Enabled macOS "plist" file: Add the following: <key>DisableDeveloperTools</key> <true/> Linux "policies.json" file: Add the following in the policies section: "DisableDeveloperTools": true
Windows group policy: 1. Open the group policy editor tool with "gpedit.msc". 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Mozilla\Firefox Policy Name: Disable Forget Button Policy State: Enabled macOS "plist" file: Add the following: <key>DisableForgetButton</key> <true/> Linux "policies.json" file: Add the following in the policies section: "DisableForgetButton": true
Windows group policy: 1. Open the group policy editor tool with "gpedit.msc". 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Mozilla\Firefox Policy Name: Disable Private Browsing Policy State: Enabled macOS "plist" file: Add the following: <key>DisablePrivateBrowsing</key> <true/> Linux "policies.json" file: Add the following in the policies section: "DisablePrivateBrowsing": true
Windows group policy: 1. Open the group policy editor tool with "gpedit.msc". 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Mozilla\Firefox\Search Policy Name: Search Suggestions Policy State: Disabled macOS "plist" file: Add the following: <key>SearchSuggestEnabled</key> <false/> Linux "policies.json" file: Add the following in the policies section: "SearchSuggestEnabled": false
Windows group policy: 1. Open the group policy editor tool with "gpedit.msc". 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Mozilla\Firefox\Permissions\Autoplay Policy Name: Default autoplay level Policy State: Enabled Policy Value: Block Audio and Video macOS "plist" file: Add the following: <key>Permissions</key> <dict> <key>Autoplay</key> <dict> <string>block-audio-video</string> </dict> </dict> Linux "policies.json" file: Add the following in the policies section: "Permissions": { "Autoplay": { "Default": "block-audio-video" } }
Windows group policy: 1. Open the group policy editor tool with "gpedit.msc". 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Mozilla\Firefox Policy Name: Network Prediction Policy State: Disabled macOS "plist" file: Add the following: <key>NetworkPrediction</key> <false/> Linux "policies.json" file: Add the following in the policies section: "NetworkPrediction": false
Windows group policy: 1. Open the group policy editor tool with "gpedit.msc". 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Mozilla\Firefox\Tracking Protection Policy Name: Fingerprinting Policy State: Enabled macOS "plist" file: Add the following: <key>EnableTrackingProtection</key> <dict> <key>Fingerprinting</key> <true/> </dict> Linux "policies.json" file: Add the following in the policies section: "EnableTrackingProtection": { "Fingerprinting": true }
Windows group policy: 1. Open the group policy editor tool with "gpedit.msc". 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Mozilla\Firefox\Tracking Protection Policy Name: Cryptomining Policy State: Enabled macOS "plist" file: Add the following: <key>EnableTrackingProtection</key> <dict> <key>Cryptomining</key> <true/> </dict> Linux "policies.json" file: Add the following in the policies section: "EnableTrackingProtection": { "Cryptomining": true }
Windows group policy: 1. Open the group policy editor tool with "gpedit.msc". 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Mozilla\Firefox\ Policy Name: Preferences Policy State: Enabled Policy Value: { "browser.contentblocking.category": { "Value": "strict", "Status": "locked" } } macOS "plist" file: Add the following: <key>Preferences</key> <dict> <key>browser.contentblocking.category</key> <dict> <key>Value</key> <string>strict</string> <key>Status</key> <string>locked</string> </dict> </dict> Linux "policies.json" file: Add the following in the policies section: "Preferences": { "browser.contentblocking.category": { "Value": "strict", "Status": "locked" } }
Windows group policy: 1. Open the group policy editor tool with "gpedit.msc". 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Mozilla\Firefox\ Policy Name: Preferences Policy State: Enabled Policy Value: { "extensions.htmlaboutaddons.recommendations.enabled": { "Value": false, "Status": "locked" } } macOS "plist" file: Add the following: <key>Preferences</key> <dict> <key>extensions.htmlaboutaddons.recommendations.enabled</key> <dict> <key>Value</key> <false/> <key>Status</key> <string>locked</string> </dict> </dict> Linux "policies.json" file: Add the following in the policies section: "Preferences": { "extensions.htmlaboutaddons.recommendations.enabled": { "Value": false, "Status": "locked" },
Windows group policy: 1. Open the group policy editor tool with "gpedit.msc". 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Mozilla\Firefox\Disabled Ciphers Policy Name: TLS_RSA_WITH_3DES_EDE_CBC_SHA Policy State: Enabled macOS "plist" file: Add the following: <key>DisabledCiphers</key> <dict> <key>TLS_RSA_WITH_3DES_EDE_CBC_SHA</key> <true/> </dict> Linux "policies.json" file: Add the following in the policies section: "DisabledCiphers": { "TLS_RSA_WITH_3DES_EDE_CBC_SHA": true }
Windows group policy: 1. Open the group policy editor tool with "gpedit.msc". 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Mozilla\Firefox\User Messaging Policy Name: Extension Recommendations Policy State: Disabled macOS "plist" file: Add the following: <key>UserMessaging</key> <dict> <key>ExtensionRecommendations</key> <false/> </dict> Linux "policies.json" file: Add the following in the policies section: "UserMessaging": { "ExtensionRecommendations": false }
Windows group policy: 1. Open the group policy editor tool with "gpedit.msc". 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Mozilla\Firefox Policy Name: Customize Firefox Home Policy State: Enabled Policy Value: Uncheck "Search" Policy Value: Uncheck "Top Sites" Policy Value: Uncheck "Sponsored Top Sites" Policy Value: Uncheck "Recommended by Pocket" Policy Value: Uncheck "Sponsored Pocket Stories" Policy Value: Uncheck "Download History" Policy Value: Uncheck "Snippets" Policy Value: Check "Do not allow settings to be changed" macOS "plist" file: Add the following: <key>FirefoxHome</key> <dict> <key>Search</key> <false/> <key>TopSites</key> <false/> <key>SponsoredTopSites</key> <false/> <key>Pocket</key> <false/> <key>SponsoredPocket</key> <false/> <key>Highlights</key> <false/> <key>Snippets</key> <false/> <key>Locked</key> <true/> </dict> Linux "policies.json" file: Add the following in the policies section: "FirefoxHome": { "Search": false, "TopSites": false, "SponsoredTopSites": false, "Pocket": false, "SponsoredPocket": false, "Highlights": false, "Snippets": false, "locked": true }
Windows group policy: 1. Open the group policy editor tool with "gpedit.msc". 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Mozilla\Firefox\DNS Over HTTPS Policy Name: Enabled Policy State: Disabled macOS "plist" file: <key>DNSOverHTTPS</key> <dict> <key>Enabled</key> <false/> Linux "policies.json" file: Add the following in the policies section: "DNSOverHTTPS": {"Enabled": false}
Windows group policy: 1. Open the group policy editor tool with "gpedit.msc". 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Mozilla\Firefox\ Policy Name: Disable Firefox Accounts Policy State: Enabled macOS "plist" file: <key>DisableFirefoxAccounts</key> <true/> Linux "policies.json" file: Add the following in the policies section: "DisableFirefoxAccounts": true
Windows group policy: 1. Open the group policy editor tool with "gpedit.msc". 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Mozilla\Firefox\ Policy Name: Disable Feedback Commands Policy State: Enabled macOS "plist" file: <key>DisableFeedbackCommands</key> <true/> Linux "policies.json" file: Add the following in the policies section: "DisableFeedbackCommands": true
Windows group policy: 1. Open the group policy editor tool with "gpedit.msc". 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Mozilla\Firefox\Encrypted Media Extensions Policy Name: Enable Encrypted Media Extensions Policy State: Disabled Policy Name: Lock Encrypted Media Extensions Policy State: Enabled macOS "plist" file: <key>EncryptedMediaExtensions</key> <dict> <key>Enabled</key> <false/> <key>Locked</key> <true/> Linux "policies.json" file: Add the following in the policies section: "EncryptedMediaExtensions": { "Enabled": false, "Locked": true }
Windows group policy: 1. Open the group policy editor tool with "gpedit.msc". 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Mozilla\Firefox\Clear data when browser is closed Policy Name: Cache, Cookies, Download History, Form & Search History, Browsing History, Active Logins, Site Preferences, Offline Website Data Policy State: Disabled Policy Name: Locked Policy State: Enabled macOS "plist" file: Add the following: <key>SanitizeOnShutdown</key> <dict> <key>Cache</key> <false/> <key>Cookies</key> <false/> <key>Downloads</key> <false/> <key>FormData</key> <false/> <key>History</key> <false/> <key>Sessions</key> <false/> <key>SiteSettings</key> <false/> <key>OfflineApps</key> <false/> <key>Locked</key> <true/> </dict> Linux "policies.json" file: Add the following in the policies section: "SanitizeOnShutdown": { "Cache": false, "Cookies": false, "Downloads": false, "FormData": false, "History": false, "Sessions": false, "SiteSettings": false, "OfflineApps": false, "Locked": true }