Title

Firefox extension recommendations must be disabled. (Cat II impact)

Discussion

The Recommended Extensions program makes it easier for users to discover extensions that have been reviewed for security, functionality, and user experience. Allowed extensions are to be centrally managed.

Check Content

Type "about:policies" in the browser address bar. If "Preferences" is not displayed under Policy Name and the Policy Value does not include "extensions.htmlaboutaddons.recommendations.enabled" with a value of "false" and status of "locked", this is a finding.

Fix Text

Windows group policy: 1. Open the group policy editor tool with "gpedit.msc". 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Mozilla\Firefox\ Policy Name: Preferences Policy State: Enabled Policy Value: { "extensions.htmlaboutaddons.recommendations.enabled": { "Value": false, "Status": "locked" } } macOS "plist" file: Add the following: <key>Preferences</key> <dict> <key>extensions.htmlaboutaddons.recommendations.enabled</key> <dict> <key>Value</key> <false/> <key>Status</key> <string>locked</string> </dict> </dict> Linux "policies.json" file: Add the following in the policies section: "Preferences": { "extensions.htmlaboutaddons.recommendations.enabled": { "Value": false, "Status": "locked" },

Additional Identifiers

Rule ID: SV-251570r1067563_rule

Vulnerability ID: V-251570

Group Title: SRG-APP-000141

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.