The OVAL Repository5.82012-12-11T07:00:54.776-05:00Clear SSL Form Session DataMozilla FirefoxThis will ensure that the form data stored in an SSL Secure session is cleared when the session ends.Michael A. LogoydaDRAFTJonathan BakerINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDDisabling Auto-Install of Add-OnsMozilla Firefoxensure that no website is allowed to automatically install Add-Ons. Also, it will list how to ensure that proper notifications are shown when installing Add-Ons.Michael A. LogoydaDRAFTJonathan BakerINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDDisable Sending LM HashMozilla FirefoxPrevent Firefox from sending an LM Hash when authenticating to resources that request this authentication type.Michael A. LogoydaDRAFTJonathan BakerINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDEnable Auto Notification of Outdated PluginsMozilla FirefoxThis feature automatically detects when installed Plugins are out of date and notifies the users to update the Plugins.Michael A. LogoydaDRAFTJonathan BakerINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDEnable Blocking of Reported Attack SitesMozilla FirefoxThis configuration will have Firefox check whether the site being visited may be an attempt to interfere with normal computer functions or send personal data to unauthorized parties over the Internet.Michael A. LogoydaDRAFTJonathan BakerINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDDisallow JavaScript s Ability to Hide the Status BarMozilla FirefoxPrevent JavaScript from changing the Status Bar from showing the location of the content when a user visits a link or when content is being downloaded on a web page.Michael A. LogoydaDRAFTJonathan BakerINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDBlock Pop-up WindowsMozilla FirefoxThe Pop-up Blocker is used to block Pop-ups which a website might open with or without any user interaction. These Pop-Ups can be used to open un-trusted malicious content.Michael A. LogoydaDRAFTJonathan BakerINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDEnable Information Bar for Outdated PluginsMozilla FirefoxThis feature automatically shows an information bar when installed Plugins are out of date and notifies the users to update the Plugins.Michael A. LogoydaDRAFTJonathan BakerINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDDisable Remember Search and Form HistoryMozilla FirefoxPrevent search and form history from being stored.Michael A. LogoydaDRAFTJonathan BakerINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDEnable SSPI AuthenticationMozilla FirefoxFirefox can be configured to leverage the Microsoft Windows Security Support Provider Interface (SSPI).Michael A. LogoydaDRAFTJonathan BakerINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDDisallow Credential StorageMozilla FirefoxPrevent Firefox from storing credentials for certain websites.Michael A. LogoydaDRAFTJonathan BakerINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDEnable Virus Scanning for DownloadsMozilla FirefoxFirefox can be configured to scan downloads for viruses.Michael A. LogoydaDRAFTJonathan BakerINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDEnable Warning When Entering Insecure SiteMozilla FirefoxFirefox can notify users when a user enters an insecure (non-SSL) site from an encrypted SSL site.Michael A. LogoydaDRAFTJonathan BakerINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDDisable Prompting for Credential StorageMozilla FirefoxPrevent Firefox from prompting when credentials are entered in website forms so credentials cannot be stored.Michael A. LogoydaDRAFTJonathan BakerINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDDisable Javascript Function to Move or Resize Existing WindowsMozilla FirefoxPrevent Javasript from moving or resizing existing windows.Michael A. LogoydaDRAFTJonathan BakerINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDDisable Javascript Functions to Raise or Lower WindowsMozilla FirefoxPrevent Javascript from raising or lowering windowsMichael A. LogoydaDRAFTJonathan BakerINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDDisable Displaying Javascript in History URLsMozilla FirefoxThis will ensure that JavaScript URLs are not displayed in the history bar.Michael A. LogoydaDRAFTJonathan BakerINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDEnable Always Ask Where to Save FilesMozilla FirefoxFirefox should prompt for a location to save files every time.Michael A. LogoydaDRAFTJonathan BakerINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDDisable Downloading on DesktopMozilla FirefoxFirefox can download content on the desktop or other locations. It is recommended not to download files on desktop.Michael A. LogoydaDRAFTJonathan BakerINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDEnable Warning of Loading Mixed ContentMozilla FirefoxWarn users when unencrypted data is loaded in an SSL encrypted session.Michael A. LogoydaDRAFTJonathan BakerINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDAccept Only 1st Party CookiesMozilla FirefoxCookies are used to track valid session on internet websites. Securing cookie handling will help secure a user s browser session. It is recommended to only accept 1st party cookies.Michael A. LogoydaDRAFTJonathan BakerINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDDisable Javascript Functions Disable or Replace Context MenusMozilla FirefoxPrevent Javascript from disabling or replacing context menusMichael A. LogoydaDRAFTJonathan BakerINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDDisable Caching of SSL PagesMozilla FirefoxPrevent Firefox from locally caching the content of SSL pages on disk.Michael A. LogoydaDRAFTJonathan BakerINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDEnable Auto UpdateMozilla FirefoxEnable updates for Firefox and extensions installed on Firefox.Michael A. LogoydaDRAFTJonathan BakerINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDDisable Javascript Functions to Hide the Status BarMozilla FirefoxPrevent Javascript from hiding the status barMichael A. LogoydaDRAFTJonathan BakerINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDEnable Warn When Sites Try to Install Add-onsMozilla FirefoxWill warn user when a site tries to install an add-onMichael A. LogoydaDRAFTJonathan BakerINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDDelete Download HistoryMozilla FirefoxDelete Download HistoryMichael A. LogoydaDRAFTJonathan BakerINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDDelete Search and Form HistoryMozilla FirefoxDelete Search and Form HistoryMichael A. LogoydaDRAFTJonathan BakerINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDDisable Closing of Windows via ScriptsMozilla FirefoxFirefox can be configured to prevent script from closing browser windows.Michael A. LogoydaDRAFTJonathan BakerINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDDisable Referer from an SSL WebsiteMozilla FirefoxFirefox can be configured to omit the HTTP Referer header when the referring site is protected by SSL.Michael A. LogoydaDRAFTJonathan BakerINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDDisable Javascript Functions to Change Status Bar TextMozilla FirefoxPrevent Javascript from changing the status barMichael A. LogoydaDRAFTJonathan BakerINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDEnable Online Certificate Status ProtocolMozilla FirefoxFirefox checks with Online Certification Status Protocol (OCSP) to ensure that the certificates are valid.Michael A. LogoydaDRAFTJonathan BakerINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDDisable JavaMozilla FirefoxDisable Java in FirefoxMichael A. LogoydaDRAFTJonathan BakerINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDDisable Scripting of Plugins by JavaScriptMozilla FirefoxPrevent Javascript from initiating and interacting with the Plug-ins installed in Firefox.Michael A. LogoydaDRAFTJonathan BakerINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDEnable Blocking of Reported Web ForgeriesMozilla FirefoxTThis configuration will have Firefox actively check whether the site being visited may be an attempt to mislead you into providing personal information (this is often referred to as phishing).Michael A. LogoydaDRAFTJonathan BakerINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDEnable Ask About Cookies Every TimeMozilla FirefoxPrompt user for permission to use a cookie.Michael A. LogoydaDRAFTJonathan BakerINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDEnable Warning When Submitting Clear Text Form DataMozilla FirefoxFirefox can notify users when a user sends form data to an insecure (non-SSL) site.Michael A. LogoydaDRAFTJonathan BakerINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDEnable Warning of Using Weak EncryptionMozilla FirefoxWarn users when a website is using weaker encryption.Michael A. LogoydaDRAFTJonathan BakerINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDDelete History and Form DataMozilla FirefoxPrevent Firefox from storing the sites visited, information typed in forms, and downloads from Internet resources.Michael A. LogoydaDRAFTJonathan BakerINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDDisallow JavaScript s Ability to Change the Status Bar TextMozilla FirefoxPrevent JavaScript from changing the Status Bar when showing the location of the content when a user hovers of a hyperlink, a user visits a link, or when content is being downloaded on a web page.Michael A. LogoydaDRAFTJonathan BakerINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDEnable SSL 3.0 and TLS 1.0Mozilla FirefoxEnable Transport Layer Security for Firefox.Michael A. LogoydaDRAFTJonathan BakerINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDMozilla Firefox is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows 7Mozilla FirefoxThe browser installed on the system is Mozilla FirefoxPrabhu S ADRAFTINTERIMACCEPTEDJ. Daniel BrownINTERIMACCEPTEDBhavya KINTERIMDragos PrisacaACCEPTEDACCEPTEDprefs.js(browser\.sessionstore\.privacy_level)1prefs.js(xpinstall\.whitelist\.required)1prefs.js(network\.ntlm\.send-lm-response)1prefs.js(plugins\.update\.notifyUser)1prefs.js(browser\.safebrowsing\.malware\.enabled)1prefs.js(dom\.disable_window_open_feature\.status)1prefs.js(privacy\.popups\.policy)1prefs.js(plugins\.hide_infobar_for_outdated_plugin)1prefs.js("browser\.formfill\.enable", false)1prefs.js(network\.auth\.use-sspi)1prefs.js("signon\.rememberSignons", false)1prefs.js(browser\.download\.manager\.scanWhenDone)1prefs.js(security\.warn_entering_weak)1prefs.js(security\.ask_for_password)1prefs.js("dom\.disable_window_move_resize", true)1prefs.js("dom\.disable_window_flip", false)1prefs.js(browser\.urlbar\.filter\.javascript)1prefs.js("browser\.download\.useDownloadDir", false)1prefs.js("browser\.download\.folderList", 2)1prefs.js(security\.warn_viewing_mixed)1prefs.js("network\.cookie\.cookieBehavior", 1)1prefs.js("dom\.event\.contextmenu\.enabled", false)1prefs.js(browser\.cache\.disk_cache_ssl)1prefs.js(app\.update\.auto)1prefs.js("dom\.disable_window_open_feature\.status", false)1prefs.js("xpinstall\.whitelist\.required", false)1prefs.js("browser\.download\.manager\.retention", 0)1prefs.js("browser\.formfill\.enable", false)1prefs.js(dom\.allow_scripts_to_close_windows)1prefs.js("network\.http\.sendSecureXSiteReferrer", false)1prefs.js("dom\.disable_window_status_change", false)1prefs.js(security\.OCSP\.enabled)1prefs.js("services\.sync\.prefs\.sync\.security\.enable_java", false)1prefs.js("security\.xpconnect\.plugin\.unrestricted", false)1prefs.js(browser\.safebrowsing\.enabled)1prefs.js("network\.cookie\.lifetimePolicy", 1)1profiles.ini(\w*\.default)1HKEY_CURRENT_USERVolatile EnvironmentAPPDATAprefs.js("security\.warn_submit_insecure", true)1prefs.js(security\.warn_entering_weak)1prefs.js("browser\.history_expire_days", 0)1prefs.js(dom\.disable_window_status_change)1HKEY_LOCAL_MACHINESOFTWARE\Mozilla\Mozilla FirefoxCurrentVersionprefs.js(security\.enable_ssl3)1profiles.ini(\w*\.default)1HKEY_CURRENT_USERVolatile EnvironmentAPPDATA"browser.formfill.enable", false"signon.rememberSignons", false"dom.disable_window_move_resize", true"browser.download.useDownloadDir", false"browser.download.folderList", 2"network.cookie.cookieBehavior", 1"dom.event.contextmenu.enabled", false"browser.download.manager.retention", 0"browser.formfill.enable", false"network.http.sendSecureXSiteReferrer", false"services.sync.prefs.sync.security.enable_java", false"security.xpconnect.plugin.unrestricted", false"network.cookie.lifetimePolicy", 1"security.warn_submit_insecure", true"browser.history_expire_days", 0^[0-9]+\..*$\Mozilla\Firefox\Profiles\\Mozilla\Firefox\\Mozilla\Firefox\Profiles\\Mozilla\Firefox\