Snort mailing list archives
Re: Offer a new sig for detecting Mozilla Firefox location about XSS vulnerability
From: Joshua Williams <joshuwi2 () sourcefire com>
Date: Sat, 6 Aug 2016 08:25:55 -0700
Hi rmkml, Thanks for your submission. I'll review and test this rule and get back to you when it's finished. -- Josh Williams Detection Response Team TALOS Security Group On Fri, Aug 5, 2016 at 1:39 PM, rmkml <rmkml () ligfy org> wrote:
Hi, The http://etplc.org open source project offer a new sig for detecting Mozilla Firefox location about XSS vulnerability: alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"WEB-CLIENT Mozilla Firefox Location Spoofing about xss attempt"; flow:from_server,established; file_data; content:"about:"; nocase; distance:0; content:"?"; within:15; distance:0; content:"<"; within:100; distance:0; content:"location"; nocase; pcre:"/\babout:[a-z]+\?[^\n]+\</si"; reference:cve,2016-5268; reference:url,www.mozilla.org/en-US/security/advisories/mfsa2016-83/; reference:url,bugzilla.mozilla.org/show_bug.cgi?id=1253673; classtype:misc-activity; sid:1; rev:1;) It's a first SPECIFIC signature, many variant is possible with JavaScript... See reference for more information. Don't forget check variables. Please send any comments. Regards @Rmkml ------------------------------------------------------------ ------------------ _______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort!
------------------------------------------------------------------------------
_______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- Offer a new sig for detecting Mozilla Firefox location about XSS vulnerability rmkml (Aug 05)
- Re: Offer a new sig for detecting Mozilla Firefox location about XSS vulnerability Joshua Williams (Aug 06)