7.1 Disable Auto-Install of Add-ons

Information

This configuration will enable or disable the ability for websites to automatically install add-ons without an allow list. If this setting is enabled, a whitelist for add-ons that are approved must be created.

Rationale:

Add-ons are extensions of the browser that add new functionality to Firefox or change its appearance. These run in a user s session allowing them do manipulate data and the behavior of the way Firefox interacts with other application and user commands. If malicious add-ons are installed automatically, a user s security could be completely compromised.

Impact:

Users will not be able to download and install add-ons from websites unless an allow list is created.

Solution

To establish the recommended configuration, set xpinstall.whitelist.required to true:

Type about:config in the address bar

Type xpinstall.whitelist.required in the filter

Ensure the setting is set as prescribed.

OR

Open the mozilla.cfg file in the installation directory with a text editor

Add the following lines to mozilla.cfg:

lockPref('xpinstall.whitelist.required', true);

Default Value:

True

See Also

https://workbench.cisecurity.org/files/4299

Item Details

Category: CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|CM-10, 800-53|CM-11, 800-53|SC-18, CSCv7|7.2

Plugin: Unix

Control ID: 1919389e631e1f8b622946c378e1fa5cba90f214d6d529aa6f43f1b5c1bcd713