Snort mailing list archives
Offer a new sig for detecting Mozilla Firefox location about XSS vulnerability
From: rmkml <rmkml () ligfy org>
Date: Fri, 5 Aug 2016 22:39:48 +0200 (CEST)
Hi, The http://etplc.org open source project offer a new sig for detecting Mozilla Firefox location about XSS vulnerability: alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"WEB-CLIENT Mozilla Firefox Location Spoofing about xss attempt"; flow:from_server,established; file_data; content:"about:"; nocase; distance:0; content:"?"; within:15; distance:0; content:"<"; within:100; distance:0; content:"location"; nocase; pcre:"/\babout:[a-z]+\?[^\n]+\</si"; reference:cve,2016-5268; reference:url,www.mozilla.org/en-US/security/advisories/mfsa2016-83/; reference:url,bugzilla.mozilla.org/show_bug.cgi?id=1253673; classtype:misc-activity; sid:1; rev:1;) It's a first SPECIFIC signature, many variant is possible with JavaScript... See reference for more information. Don't forget check variables. Please send any comments. Regards @Rmkml ------------------------------------------------------------------------------ _______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- Offer a new sig for detecting Mozilla Firefox location about XSS vulnerability rmkml (Aug 05)
- Re: Offer a new sig for detecting Mozilla Firefox location about XSS vulnerability Joshua Williams (Aug 06)