Versions (2)
Version DetailsCurrent
Rev: 2 • Nov 30, 2016, 12:00 PMET EXPLOIT Firefox 0-day used against TOR browser Nov 29 2016 M1
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT Firefox 0-day used against TOR browser Nov 29 2016 M1"; flow:established,from_server; file_data; content:"|66 69 6e 64 50 6f 70 52 65 74|"; nocase; content:"|66 69 6e 64 53 74 61 63 6b 50 69 76 6f 74|"; nocase; content:"|56 69 72 74 75 61 6c 41 6c 6c 6f 63|"; nocase; content:"|72 6f 70 43 68 61 69 6e|"; nocase; content:"|6b 65 72 6e 65 6c 33 32 2e 64 6c 6c|"; nocase; reference:url,arstechnica.com/security/2016/11/firefox-0day-used-against-tor-users-almost-identical-to-one-fbi-used-in-2013/; classtype:attempted-admin; sid:2023559; rev:2; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, affected_product Firefox, attack_target Client_Endpoint, created_at 2016_11_30, deployment Perimeter, performance_impact Low, confidence High, signature_severity Major, tag Web_Client_Attacks, updated_at 2019_07_26;)
Nov 30, 2016, 12:00 PM
Jul 26, 2019, 12:00 PM
Sep 21, 2024, 3:00 AM
May 30, 2025, 12:04 AM
rules/emerging-exploit.rules