Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

I am trying to determine which preference were either deleted or changed for the purpose of locking them down per DOD STIGs.

more options

I no longer see the following preferences and need to know if they were straight out deleted or are encompassed by another preference(s):

signon.prefillForms privacy.ite.history privacy.sanitize.promptOnSanitize browser.download.dir xpinstall.enabled security.warn_leaving_secure security.enable_tls security.enable_ssl2 security.enable_ssl3

I no longer see the following preferences and need to know if they were straight out deleted or are encompassed by another preference(s): signon.prefillForms privacy.ite.history privacy.sanitize.promptOnSanitize browser.download.dir xpinstall.enabled security.warn_leaving_secure security.enable_tls security.enable_ssl2 security.enable_ssl3

Chosen solution

security.enable_ssl3 was replaced by the security.tls.version.min and security.tls.version.max preferences. http://kb.mozillazine.org/Security.tls.version.*

security.tls.version.min is set to 1 at default which disables SSL3. SSLv3 was disabled by default as of Firefox 34 and later.

https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/

security.warn_leaving_secure do not have an effect any longer as of Firefox 19.0 ... Bug 799009 - Remove support for obsolete SSL-related warning prompts

Bug 469158 - Remove the 'privacy.sanitize.promptOnSanitize' preference

The xpinstall.enabled pref is only present on the about:config page when you add it yourself. When absent then it defaults to true.

Read this answer in context 👍 0

All Replies (3)

more options

You will probably get better and more relevant advice if you try our Mozilla security forum

You probably should mention which DOD STIG you are trying to follow

If you post a question please reply here with a link to the post so we may follow your progress.

Thanks

more options

Chosen Solution

security.enable_ssl3 was replaced by the security.tls.version.min and security.tls.version.max preferences. http://kb.mozillazine.org/Security.tls.version.*

security.tls.version.min is set to 1 at default which disables SSL3. SSLv3 was disabled by default as of Firefox 34 and later.

https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/

security.warn_leaving_secure do not have an effect any longer as of Firefox 19.0 ... Bug 799009 - Remove support for obsolete SSL-related warning prompts

Bug 469158 - Remove the 'privacy.sanitize.promptOnSanitize' preference

The xpinstall.enabled pref is only present on the about:config page when you add it yourself. When absent then it defaults to true.

more options

Thank you John99 and James.