BROWSER-FIREFOX -- Snort has detected traffic known to exploit vulnerabilities present in the Firefox browser, or products that have the "Gecko" engine (Thunderbird email client, etc.).
BROWSER-FIREFOX Mozilla Firefox RemotePrompt sandbox escape attempt
This event is generated when an attacker attempts to exploit a sandbox escape vulnerability in Mozilla Firefox.
Attempted User Privilege Gain
This rule checks for attempts to exploit a sandbox escape vulnerability in Mozilla Firefox's RemotePrompt handler, which will allow the attacker to open additional web content in a privileged context. An attacker can exploit this vulnerability in combination with another Firefox vulnerability to achieve remote code execution on the victim's machine.
Ease of Attack:
What To Look For
No public information
No known false positives
Cisco Talos Intelligence Group
MITRE ATT&CK Framework
For reference, see the MITRE ATT&CK vulnerability types here:
CVE Additional Information
CVE-2019-11708Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user's computer. This vulnerability affects Firefox ESR < 60.7.2, Firefox < 67.0.4, and Thunderbird < 60.7.2.
||Ease of Access||LOW