""ET EXPLOIT Firefox 0-day used against TOR browser Nov 29 2016 M2""
SID: 2023560
Revision: 1
Class Type: attempted-admin
Metadata: affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, affected_product Firefox, attack_target Client_Endpoint, created_at 2016_11_30, deployment Perimeter, performance_impact Low, signature_severity Major, tag Web_Client_Attacks, updated_at 2016_11_30
Reference:
Protocol: tcp
Source Network: $EXTERNAL_NET
Source Port: $HTTP_PORTS
Destination Network: $HOME_NET
Destination Port: any
Flow: established,from_server
Contents:
- Value: "|72 6f 70 43 68 61 69 6e 28 72 6f 70 42 61 73 65 2c 76 74 61 62 6c 65 5f 6f 66 66 73 65 74 2c 31 30 2c 72 6f 70 41 72 72 42 75 66 29 3b|"
Within:
PCRE:
Special Options:
-
file_data
-
nocase