alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_CLIENT Apple Safari UXSS (CVE-2017-7089)"; flow:from_server,established; file_data; content:"parent-tab://"; fast_pattern; content:"open"; pcre:"/\b(?P<varname>[^\s\x3d]+)\s*\x3d\s*open\s*\x28\s*[^\x29]+parent-tab:\/\/.+(?P=varname)\s*\.\s*document\s*\.\s*body\s*.\s*innerHTML\s*=/si"; reference:cve,2017-7089; classtype:attempted-user; sid:2024995; rev:3; metadata:affected_product Safari, attack_target Client_Endpoint, created_at 2017_11_15, cve CVE_2017_7089, deployment Perimeter, performance_impact Low, signature_severity Major, tag Web_Client_Attacks, updated_at 2019_10_08;)