Title

Firefox network prediction must be disabled. (Cat II impact)

Discussion

If network prediction is enabled, requests to URLs are made without user consent. The browser should always make a direct DNS request without prefetching occurring.

Check Content

Type "about:policies" in the browser window. If "NetworkPrediction" is not displayed under Policy Name or the Policy Value is not "false", this is a finding.

Fix Text

Windows group policy: 1. Open the group policy editor tool with "gpedit.msc". 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Mozilla\Firefox Policy Name: Network Prediction Policy State: Disabled macOS "plist" file: Add the following: <key>NetworkPrediction</key> <false/> Linux "policies.json" file: Add the following in the policies section: "NetworkPrediction": false

Additional Identifiers

Rule ID: SV-251566r879587_rule

Vulnerability ID: V-251566

Group Title: SRG-APP-000141

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.