SID 1-48052

Report a false positive

Rule Category

BROWSER-IE -- Snort has detected traffic known to exploit vulnerabilities present in the Internet Explorer browser, or products that have the Trident or Tasman engines.

Alert Message

BROWSER-IE Multiple browsers memory corruption attempt

Rule Explanation

This event is generated when malicious JavaScript targeted against Microsoft Edge or Mozilla Firefox is detected on the network. Impact: Attempted User Privilege Gain Details: A memory corruption vulnerability is identified in Microsoft Edge and Mozilla Firefox. This vulnerability can be used to achieve remote code execution. Ease of Attack:

What To Look For

No information provided

Known Usage

No public information

False Positives

No known false positives

Contributors

Cisco Talos Intelligence Group

Rule Groups

No rule groups

CVE

CVE-2018-8505 CVE-2019-0771 CVE-2019-1052 CVE-2019-1139 CVE-2019-1197 CVE-2019-9810

Additional Links

portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-8505
portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0771
portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-1052
portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-1139
portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-1197
www.mozilla.org/en-US/security/advisories/mfsa2019-09/

Rule Vulnerability

CVE Additional Information

CVE-2018-8505
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8503, CVE-2018-8510, CVE-2018-8511, CVE-2018-8513.
Details
Severity Base Score7.5
Impact Score5.9 Exploit Score1.6
Confidentiality ImpactHIGH Integrity ImpactHIGH
Availability ImpactHIGH Access Vector
Authentication Ease of Access

Affected Systems
CVE-2019-0771
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0609, CVE-2019-0639, CVE-2019-0680, CVE-2019-0769, CVE-2019-0770, CVE-2019-0773, CVE-2019-0783.
Details
Severity Base Score7.5
Impact Score5.9 Exploit Score1.6
Confidentiality ImpactHIGH Integrity ImpactHIGH
Availability ImpactHIGH Attack VectorNETWORK
ScopeUNCHANGED User InteractionREQUIRED
Authentication Ease of AccessHIGH
Privileges RequiredNONE

Affected Systems
CVE-2019-1052
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0989, CVE-2019-0991, CVE-2019-0992, CVE-2019-0993, CVE-2019-1002, CVE-2019-1003, CVE-2019-1024, CVE-2019-1051.
Details
Severity Base Score7.5
Impact Score5.9 Exploit Score1.6
Confidentiality ImpactHIGH Integrity ImpactHIGH
Availability ImpactHIGH Attack VectorNETWORK
ScopeUNCHANGED User InteractionREQUIRED
Authentication Ease of AccessHIGH
Privileges RequiredNONE

Affected Systems
CVE-2019-1139
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1131, CVE-2019-1140, CVE-2019-1141, CVE-2019-1195, CVE-2019-1196, CVE-2019-1197.
Details
Severity Base Score7.5
Impact Score5.9 Exploit Score1.6
Confidentiality ImpactHIGH Integrity ImpactHIGH
Availability ImpactHIGH Attack VectorNETWORK
ScopeUNCHANGED User InteractionREQUIRED
Authentication Ease of AccessHIGH
Privileges RequiredNONE

Affected Systems
CVE-2019-1197
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1131, CVE-2019-1139, CVE-2019-1140, CVE-2019-1141, CVE-2019-1195, CVE-2019-1196.
Details
Severity Base Score7.5
Impact Score5.9 Exploit Score1.6
Confidentiality ImpactHIGH Integrity ImpactHIGH
Availability ImpactHIGH Attack VectorNETWORK
ScopeUNCHANGED User InteractionREQUIRED
Authentication Ease of AccessHIGH
Privileges RequiredNONE

Affected Systems
CVE-2019-9810
Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow. This vulnerability affects Firefox < 66.0.1, Firefox ESR < 60.6.1, and Thunderbird < 60.6.1.
Details
Severity Base Score8.8
Impact Score5.9 Exploit Score2.8
Confidentiality ImpactHIGH Integrity ImpactHIGH
Availability ImpactHIGH Attack VectorNETWORK
ScopeUNCHANGED User InteractionREQUIRED
Authentication Ease of AccessLOW
Privileges RequiredNONE

Affected Systems