Title

Firefox must be configured to not automatically check for updated versions of installed search plugins. (Cat II impact)

Discussion

Updates must be controlled and installed from authorized and trusted servers. This setting overrides a number of other settings that may direct the application to access external URLs.

Check Content

Type "about:policies" in the browser address bar. If "Preferences" is not displayed under Policy Name or the Policy Value does not include "browser.search.update" with a value of "false" and status of "locked", this is a finding.

Fix Text

Windows group policy: 1. Open the group policy editor tool with "gpedit.msc". 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Mozilla\Firefox\ Policy Name: Preferences Policy State: Enabled Policy Value: { "browser.search.update": { "Value": false, "Status": "locked" } } macOS "plist" file: Add the following: <key>Preferences</key> <dict> <key>browser.search.update</key> <dict> <key>Value</key> <false/> <key>Status</key> <string>locked</string> </dict> </dict> Linux "policies.json" file: Add the following in the policies section: "Preferences": { "browser.search.update": { "Value": false, "Status": "locked" } }

Additional Identifiers

Rule ID: SV-251548r1067552_rule

Vulnerability ID: V-251548

Group Title: SRG-APP-000141

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.