alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET EXPLOIT Firefox Cookie Manipulation Attempt"; flow:established,from_server; content:"location.hostname"; nocase; pcre:"/location.hostname\s*=\s*['"][^'"]*\\x00/i"; reference:cve,2007-0981; classtype:web-application-attack; reference:url,doc.emergingthreats.net/bin/view/Main/2003415; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_Mozilla-Firefox; sid:2003415; rev:3;)

Added 2009-02-07 22:00:25 UTC

alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET EXPLOIT Firefox Cookie Manipulation Attempt"; flow:established,from_server; content:"location.hostname"; nocase; pcre:"/location.hostname\s*=\s*['"][^'"]*\\x00/i"; reference:cve,2007-0981; classtype:web-application-attack; reference:url,doc.emergingthreats.net/bin/view/Main/2003415; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_Mozilla-Firefox; sid:2003415; rev:3;)

Added 2009-02-07 22:00:25 UTC

alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET EXPLOIT Firefox Cookie Manipulation Attempt"; flow:established,from_server; content:"location.hostname"; nocase; pcre:"/location.hostname\s*=\s*['"][^'"]*\\x00/i"; reference:cve,2007-0981; classtype:web-application-attack; sid:2003415; rev:2;)

Added 2008-01-25 10:56:38 UTC

alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET EXPLOIT Firefox Cookie Manipulation Attempt"; flow:established,from_server; content:"location.hostname"; nocase; pcre:"/location.hostname\s*=\s*['"][^'"]*\\x00/i"; reference:cve,2007-0981; classtype:web-application-attack; sid:2003415; rev:2;)

Added 2008-01-25 10:56:38 UTC

alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"BLEEDING-EDGE EXPLOIT Firefox Cookie Manipulation Attempt"; flow:established,from_server; content:"location.hostname"; nocase; pcre:"/location.hostname\s*=\s*['"][^'"]*\\x00/i"; reference:cve,2007-0981; classtype:web-application-attack; sid:2003415; rev:1; )