Mozilla Firefox STIG Version Comparison

There are 7 differences between versions v6 r4 (Oct. 26, 2022) (the "left" version) and v6 r6 (April 2, 2025) (the "right" version).

Check FFOX-00-000003 was changed between these two versions. Green, underlined text was added, red, struck-out text was removed.

The regular view of the left check and right check may be easier to read.

Title

Firefox must be configured to ask which certificate to present to a website when a certificate is required.

Check Content

Type "about:policies" in the browser address bar. If "security.default_personal_cert" "Preferences" is not displayed under Policy Name and the Policy Value does not include "security.default_personal_cert" with a value of "Ask Every Time", Time" and status of "locked", this is a finding.

Discussion

When a website asks for a certificate for user authentication, Firefox must be configured to have the user choose which certificate to present. Websites within DoD DOD require user authentication for access, which increases security for DoD DOD information. Access will be denied to the user if certificate management is not configured.

Fix

Windows group policy: 1. Open the group policy editor tool with "gpedit.msc". 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Mozilla\Firefox\ Policy Name: Preferences Policy State: Enabled Policy Value: { "security.default_personal_cert": { "Value": "Ask Every Time", "Status": "locked" } } macOS "plist" file: Add the following: <key>Preferences</key> <dict> <key>security.default_personal_cert</key> <dict> <key>Value</key> <string>Ask Every Time</string> <key>Status</key> <string>locked</string> </dict> </dict> Linux "policies.json" file: Add the following in the policies section: "Preferences": { "security.default_personal_cert": { "Value": "Ask Every Time", "Status": "locked" } }