1.3 Protect Firefox Binaries

Information

Ensure that Firefox is installed and owned by an administrative account in order to protect the binaries and to prevent users from circumventing security settings.

Rationale:

When Firefox is installed by an ordinary user, the software is installed into the user's profile / home directory. This avoids the requirement for administrative access during installation and upgrades, but also allows users to circumvent security settings defined in settings.js and mozilla.cfg files. Having the installation owned by an administrative user can also protect binary and configuration files from malware that is executed in an ordinary user's browser.

Impact:

Ordinary users will not be able to update or patch Firefox; only Administrators can perform upgrades.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Install Firefox into a shared location that can be accessed by users but modified only by Administrators.
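
One way to verify this on a Windows host, as an added example that is not part of the benchmark or the audit plugin: the function below lists every file or folder under the Firefox installation whose owner is not administrative, or whose ACL lets a non-administrative principal modify it. The function name, the default path `%ProgramFiles%\Mozilla Firefox`, and the choice to treat SYSTEM, BUILTIN\Administrators and TrustedInstaller as administrative are assumptions of this example.

```powershell
# Added example: audit ownership and write access on a Firefox installation.
# Assumption: these well-known SIDs count as "administrative" for this check.
$AdminSids = @(
    'S-1-5-18',        # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',    # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)
# CREATOR OWNER (S-1-3-0) maps to the object's owner, which is checked separately.
$AllowedWriters = $AdminSids + 'S-1-3-0'

# Rights that permit changing binaries or configuration, plus GENERIC_ALL and
# GENERIC_WRITE, which can appear unmapped in inherit-only ACEs.
$WriteRights = [System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$WriteBits = [int]$WriteRights -bor 0x10000000 -bor 0x40000000
$SidType = [System.Security.Principal.SecurityIdentifier]

function Test-FirefoxInstallAcl {
    param(
        # Assumed default location; pass the real path if Firefox lives elsewhere.
        [string]$InstallDir = "$env:ProgramFiles\Mozilla Firefox"
    )
    $items = @(Get-Item -LiteralPath $InstallDir) +
             @(Get-ChildItem -LiteralPath $InstallDir -Recurse -Force)
    foreach ($item in $items) {
        $acl = Get-Acl -LiteralPath $item.FullName

        # Finding 1: the object is owned by a non-administrative account.
        $owner = $acl.GetOwner($SidType).Value
        if ($AdminSids -notcontains $owner) {
            [pscustomobject]@{ Path = $item.FullName; Issue = 'Owner'; Sid = $owner; Rights = $null }
        }

        # Finding 2: an Allow ACE grants modify-type rights to a non-administrative SID.
        foreach ($ace in $acl.GetAccessRules($true, $true, $SidType)) {
            $grantsWrite = ([int]$ace.FileSystemRights -band $WriteBits) -ne 0
            if ($ace.AccessControlType -eq 'Allow' -and $grantsWrite -and
                $AllowedWriters -notcontains $ace.IdentityReference.Value) {
                [pscustomobject]@{ Path = $item.FullName; Issue = 'WritableBy'
                                   Sid = $ace.IdentityReference.Value; Rights = $ace.FileSystemRights }
            }
        }
    }
}

# No output means no non-administrative owner or writer was found.
Test-FirefoxInstallAcl | Format-Table -AutoSize
```

Run it from an elevated session so that every ACL under the installation can be read.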

Default Value:

N/A

See Also

https://workbench.cisecurity.org/files/4299

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b.

Plugin: Windows

Control ID: 26a2066902f73b994026a0dbe8acd4915e5d786867c617135e4f139d23b7aab8