Rule Category

BROWSER-OTHER -- Snort has detected suspicious traffic known to exploit vulnerabilities present in an Internet browser other than Firefox, Internet Explorer, or Chrome, or which is present in multiple browsers. This rule should be enabled for systems that use any mainstream browser, to offer complete coverage. (ie, If a vulnerability affects both Chrome and Firefox, but is covered by a rule under the Chrome category, Firefox users might have Chrome coverage turned off and miss the vulnerability.)

Alert Message

BROWSER-OTHER Mozilla Firefox GeckoActiveXObject exploit attempt

Rule Explanation

This event occurs when there is malicious activity detected on your network. Impact: A Network Trojan was detected Details: Ease of Attack:

What To Look For

Known Usage

No public information

False Positives

No known false positives

Contributors

Cisco Talos Intelligence Group

MITRE ATT&CK Framework

Tactic:

Technique:

For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org

CVE

Rule Vulnerability

CVE Additional Information

CVE-2006-3803
Race condition in the JavaScript garbage collection in Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code by causing the garbage collector to delete a temporary variable while it is still being used during the creation of a new Function object.
Details
SeverityMEDIUM Base Score5.1
Impact Score6.4 Exploit Score4.9
Confidentiality ImpactPARTIAL Integrity ImpactPARTIAL
Availability ImpactPARTIAL Access Vector
AuthenticationNONE Ease of Access