Snort mailing list archives

Offer a new sig for detecting Mozilla Firefox location about XSS vulnerability


From: rmkml <rmkml () ligfy org>
Date: Fri, 5 Aug 2016 22:39:48 +0200 (CEST)

Hi,

The http://etplc.org open source project offers a new sig for detecting Mozilla Firefox location about XSS vulnerability:

alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"WEB-CLIENT Mozilla Firefox Location Spoofing about xss attempt"; flow:from_server,established; file_data; content:"about:"; nocase; distance:0; content:"?"; within:15; distance:0; content:"<"; within:100; distance:0; content:"location"; nocase; pcre:"/\babout:[a-z]+\?[^\n]+\</si"; reference:cve,2016-5268; reference:url,www.mozilla.org/en-US/security/advisories/mfsa2016-83/; reference:url,bugzilla.mozilla.org/show_bug.cgi?id=1253673; classtype:misc-activity; sid:1; rev:1;)

It's a first SPECIFIC signature; many variants are possible with JavaScript...

See the references for more information.

Don't forget to check variables.

Please send any comments.

Regards
@Rmkml

------------------------------------------------------------------------------
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org
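
Added example, not part of the original post or the ETPLC project: a Python approximation of the rule's content chain and pcre, for checking what the signature fires on before deployment. The function names and sample bodies are constructed for illustration, and the model assumes Snort 2 semantics for `file_data`, `within`/`distance` and a pcre without the `R` flag.

```python
import re

# Python rendering of the rule's pcre; "\<" in PCRE is just a literal "<".
# A bytes pattern keeps \b and /i ASCII-only, like PCRE without UTF mode.
PCRE = re.compile(rb"\babout:[a-z]+\?[^\n]+<", re.I | re.S)

def ends_of(buf, needle, start, stop):
    """Yield the end offset of every needle lying wholly inside buf[start:stop]."""
    pos = buf.find(needle, start, stop)
    while pos != -1:
        yield pos + len(needle)
        pos = buf.find(needle, pos + 1, stop)

def content_chain(body):
    """content:"about:" -> "?" within:15 -> "<" within:100, retrying later hits."""
    low = body.lower()  # nocase on "about:"; "?" and "<" have no case
    for a_end in ends_of(low, b"about:", 0, len(low)):
        for q_end in ends_of(low, b"?", a_end, a_end + 15):
            if low.find(b"<", q_end, q_end + 100) != -1:
                return True
    return False

def rule_matches(body):
    """Approximate the signature against a decoded HTTP response body (file_data)."""
    return (content_chain(body)
            and b"location" in body.lower()     # non-relative content, anywhere
            and PCRE.search(body) is not None)  # pcre without R: whole buffer

# Constructed sample bodies (harmless markup, not captured traffic).
SAMPLES = {
    "prose_fp": b"<p>Open about:example?d=<b>bold</b> and check the location bar.</p>",
    "no_location": b"<p>Open about:example?d=<b>bold</b> and look.</p>",
    "query_too_far": b"<p>about:averyveryverylongname?d=<b>x</b> location</p>",
    "second_hit": b"<p>about: see notes. Later about:example?d=<i>x</i> location</p>",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(f"{name:14} chain={content_chain(body)} rule={rule_matches(body)}")
```

The `prose_fp` sample shows that ordinary page text mentioning an `about:` URL with markup and the word "location" satisfies every option, which is worth knowing when tuning the rule or choosing its classtype.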

