FFOX-00-000015 - Firefox development tools must be disabled.

Information

Information needed by an attacker to begin looking for possible vulnerabilities in a web browser includes any information about the web browser and plug-ins or modules being used. When debugging or trace information is enabled in a production web browser, information about the web browser, such as web browser type, version, patches installed, plug-ins and modules installed, type of code being used by the hosted application, and any back ends being used for data storage may be displayed. Because this information may be placed in logs and general messages during normal operation of the web browser, an attacker does not have to cause an error condition to gain this information.

Solution

Windows group policy:
1. Open the group policy editor tool with 'gpedit.msc'.
2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Mozilla\Firefox
Policy Name: Disable Developer Tools
Policy State: Enabled

macOS 'plist' file:
Add the following:
<key>DisableDeveloperTools</key>
<true/>

Linux 'policies.json' file:
Add the following in the policies section:
'DisableDeveloperTools': true

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MOZ_Firefox_V6R1_STIG.zip

Item Details

References: CAT|III, CCI|CCI-001312, Rule-ID|SV-251559r807149_rule, STIG-ID|FFOX-00-000015, Vuln-ID|V-251559

Plugin: Windows

Control ID: ff65b4db145f00d5c8b741ed5b9e46b9751b1f544b7d5bff5eb168f95bf9a8a0