Showing posts from June, 2021

Detecting CVE-2018-16983 (NoScript Bypass)

MORE INFO: https://nvd.nist.gov/vuln/detail/CVE-2018-16983

The following post is regarding information which is obviously quite old. As a long-time NoScript user, I was quite alarmed to see a tweet put out by Zerodium detailing an extremely simple exploit that tricks NoScript into allowing JavaScript to be executed. I consider NoScript necessary for a safe browsing experience. However, the real concern is for those whose physical safety relies on the security and privacy provided by the Tor Browser, which is by extension affected by this critical flaw.

Unfortunately, I was unable to locate a version of NoScript (prior to version 5.1.8.7) that is vulnerable. In any case, I am releasing the following Snort rule in hopes that someone may benefit from it.

alert tcp any any -> any any (msg:"EXTERNAL_NET CVE-2018-16983 NoScript Content-Type Bypass"; content:"text/html\;/json"; sid:1; rev:1;)

Fortunately, we may still test the efficacy of this rule using netcat. A stri