An error occurred:

Mozilla Firefox STIG Version Comparison

Mozilla Firefox Security Technical Implementation Guide

Comparison

There are 1 differences between versions v6 r3 (July 27, 2022) (the "left" version) and v6 r5 (July 26, 2023) (the "right" version).

Check FFOX-00-000016 was changed between these two versions. Green, underlined text was added, red, struck-out text was removed.

The regular view of the left check and right check may be easier to read.

Text Differences

Title

Firefox must have the DoD DOD root certificates installed.

Check Content

Type "about:preferences#privacy" in the browser window. Scroll down to the bottom and select "View Certificates...". In the Certificate Manager window, select the "Authorities" tab. Scroll through the Certificate Name list to the U.S. Government heading. Look for the entries for DoD DOD Root CA 2, DoD DOD Root CA 3, DoD DOD Root CA 4, and DoD DOD Root CA 5. If there are entries for DoD DOD Root CA 2, DoD DOD Root CA 3, DoD DOD Root CA 4, and DoD DOD Root CA 5, select them individually. Click the "View" button. Verify the publishing organization is "US Government". If there are no entries for the DoD appropriate DOD Root root certificates, CA 2, DoD Root CA 3, DoD Root CA 4, and DoD Root CA 5, this is a finding. If other AO-approved certificates are used, this is not a finding. If SIPRNet-specific certificates are used, this is not a finding. Note: In a Windows environment, use of policy setting "security.enterprise_roots.enabled=true" will point Firefox to the Windows Trusted Root Certification Authority Store. This is not a finding. It may also be set via the policy Certificates >> ImportEnterpriseRoots, which can be verified via "about:policies".

Discussion

The DoD DOD root certificates will ensure that the trust chain is established for server certificates issued from the DoD DOD Certificate Authority (CA).

Fix

Install the DoD DOD root certificates. On certificates. Other AO-approved certificates may also be used. Certificates designed for SIPRNet may be used as appropriate. On Windows, import certificates from the operating system by using Certificates >> Import Enterprise Roots (Certificates) via policy or Group Policy Object (GPO).