alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any
(msg:"Mozilla Firefox Certificate Spoofing";
pcre:"/META[\s]+HTTP-EQUIV[\s]*=[\s]*['"]*REFRESH['"]*[\s]+CONTENT[\s]*=[\s]*['"]*[\d]+[\s]*\;[\s]*URL[\s]*=[\s]*http[\s\S]+onunload[\s]*=[\s]*['"]+[\s\S]+document\.write[\s\S]+window\.location\.reload/i";
reference:url,http.www.securiteam.com/securitynews/5EP0L1PDFG.html;
classtype:misc-activity; sid:2000000; rev:1;)
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any
(msg:"Mozilla Cookie theft";
reference:url,http.www.securiteam.com/securitynews/5GP0T0U60M.html;
pcre:"/http\://[\w]+(\.[\w]+){1,2}%00(([\d]+\.*){4}|[\d]+|[\w]+(\.[\w]+){1,2})/i";
reference:url,http.www.securiteam.com/securitynews/5GP0T0U60M.html;
classtype:misc-activity; sid:2000000; rev:1;)
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any
(msg:"Reading Local Files in Netscape 6 and Mozilla";
pcre:"/([\w]+)[\s]*=[\s]*new[\s]+XMLHttpRequest[\s\S]+\1\.open[\s]*\([\s]*['"]GET['"][\s]*,/i";
reference:url,http.www.securiteam.com/securitynews/5JP000A76K.html;
classtype:misc-activity; sid:2000000; rev:1;)
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any
(msg:"Mozilla FTP View Cross-Site Scripting
Vulnerability"; content:"ftp\://"; nocase;
content:"<TITLE"; content:"<SCRIPT";
content:"</TITLE";
reference:url,http.www.securiteam.com/windowsntfocus/5MP0I0080A.html;
classtype:misc-activity; sid:2000000; rev:1;)
__________________________________
Do you Yahoo!?
Read only the mail you want - Yahoo! Mail SpamGuard.
http://promotions.yahoo.com/new_mail
-------------------------------------------------------
SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift.
http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
