Title

Background submission of information to Mozilla must be disabled. (Cat II impact)

Discussion

Firefox by default sends information about Firefox to Mozilla servers. There should be no background submission of technical and other information from DoD computers to Mozilla with portions posted publicly.

Check Content

Type "about:policies" in the browser window. If "DisableTelemetry" is not displayed under Policy Name or the Policy Value is not "true", this is a finding.

Fix Text

Windows group policy: 1. Open the group policy editor tool with "gpedit.msc". 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Mozilla\Firefox Policy Name: Disable Telemetry Policy State: Enabled macOS "plist" file: Add the following: <key>DisableTelemetry</key> <true/> Linux "policies.json" file: Add the following in the policies section: "DisableTelemetry": true

Additional Identifiers

Rule ID: SV-251558r879587_rule

Vulnerability ID: V-251558

Group Title: SRG-APP-000141

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.