STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.
← Back to Mozilla Firefox Security Technical Implementation Guide

V-251552

CAT II (Medium)

Firefox must be configured to not use a password store with or without a master password.

Rule ID

SV-251552r960963_rule

STIG

Mozilla Firefox Security Technical Implementation Guide

Version

V6R7

CCIs

CCI-000381

Discussion

Firefox can be set to store passwords for sites visited by the user. These individual passwords are stored in a file and can be protected by a master password. Autofill of the password can then be enabled when the site is visited. This feature could also be used to autofill the certificate PIN, which could lead to compromise of DoD information.

Check Content

Type "about:policies" in the browser window. 

If "PasswordManagerEnabled" is not displayed under Policy Name or the Policy Value is not "false", this is a finding.

Fix Text

Windows group policy:
1. Open the group policy editor tool with "gpedit.msc".
2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Mozilla\Firefox
Policy Name: PasswordManager
Policy State: Disabled

macOS "plist" file:
Add the following:
<key>PasswordManagerEnabled</key>
<false/>

Linux "policies.json" file:
Add the following in the policies section:
"PasswordManagerEnabled": false