""ET EXPLOIT Firefox 0-day used against TOR browser Nov 29 2016 M1""
SID: 2023559
Revision: 1
Class Type: attempted-admin
Metadata: affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, affected_product Firefox, attack_target Client_Endpoint, created_at 2016_11_30, deployment Perimeter, performance_impact Low, signature_severity Major, tag Web_Client_Attacks, updated_at 2016_11_30
Reference:
Protocol: tcp
Source Network: $EXTERNAL_NET
Source Port: $HTTP_PORTS
Destination Network: $HOME_NET
Destination Port: any
Flow: established,from_server
Contents:
-
Value: "|66 69 6e 64 50 6f 70 52 65 74|"
-
Value: "|66 69 6e 64 53 74 61 63 6b 50 69 76 6f 74|"
-
Value: "|56 69 72 74 75 61 6c 41 6c 6c 6f 63|"
-
Value: "|72 6f 70 43 68 61 69 6e|"
-
Value: "|6b 65 72 6e 65 6c 33 32 2e 64 6c 6c|"
Within:
PCRE:
Special Options:
-
file_data
-
nocase
-
nocase
-
nocase
-
nocase
-
nocase