""ET EXPLOIT Metasploit FireFox WebIDL Privileged Javascript Injection""
SID: 2019085
Revision: 4
Class Type: trojan-activity
Metadata: affected_product Any, attack_target Client_and_Server, created_at 2014_08_29, deployment Perimeter, deployment Internet, deployment Internal, deployment Datacenter, signature_severity Critical, tag Metasploit, updated_at 2014_09_10
Reference:
Protocol: tcp
Source Network: $EXTERNAL_NET
Source Port: $HTTP_PORTS
Destination Network: $HOME_NET
Destination Port: any
Flow: from_server,established
Contents:
- Value: ".atob(String.fromCharCode("
Within:
PCRE: "/^(?:90|0x5a|0+?132)\s?,\s?(?:71|0x47|0+?107)\s?,\s?(?:70|0x46|0+?106)\s?,\s?(?:48|0x30|0+?60)\s?,\s?(?:89|0x59|0+?131)\s?,\s?(?:84|0x54|0+?124)\s?,\s?(?:112|0x70|0+?160)/Rsi"
Special Options:
- file_data