Title

Firefox private browsing must be disabled. (Cat II impact)

Discussion

Private browsing allows the user to browse the internet without recording their browsing history/activity. From a forensics perspective, this is unacceptable. Best practice requires that browser history is retained.

Check Content

Type "about:policies" in the browser window. If "DisablePrivateBrowsing" is not displayed under Policy Name or the Policy Value is not "true", this is a finding.

Fix Text

Windows group policy: 1. Open the group policy editor tool with "gpedit.msc". 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Mozilla\Firefox Policy Name: Disable Private Browsing Policy State: Enabled macOS "plist" file: Add the following: <key>DisablePrivateBrowsing</key> <true/> Linux "policies.json" file: Add the following in the policies section: "DisablePrivateBrowsing": true

Additional Identifiers

Rule ID: SV-251563r879587_rule

Vulnerability ID: V-251563

Group Title: SRG-APP-000141

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.