1.5 Protect Firefox Binaries

Information

Ensure that Firefox is installed and owned by an administrative account in order to protect the binaries and to prevent users from circumventing security settings.
When Firefox is installed by an ordinary user, the software in installed into the user's profile / home directory. This avoids the requirement for administrative access during installation and upgrades, but also allows users to circumvent security settings defined in settings.js and mozilla.cfg files. Having the installation owned by an administrative user can also protect binary and configuration files from malware that is executed in an ordinary user's browser.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Install Firefox into a shared location that can be accessed by users but modified only by Administrators.

See Also

https://workbench.cisecurity.org/files/1158

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b.

Plugin: Windows

Control ID: 011797ccb2923b7ae19b5b88c60fdcb9c715982337c1bbb07b0cd053d3e1c162