Firekeeper: An Intrusion Detection and Prevention System for Firefox
It was an idea that was bound to happen. If attacks used to be predominantly on servers, and we build IDS/IPS systems to protect them, why not build one for a client?! Firekeeper is just that; it's a signature-based system built from Snort code, but pared down to focus on just the types of attacks that are relevant to Firefox. Being built on Snort code seems to give it quite good flexibility in analyzing responses sent by servers. While you can find the full rules page by visiting the site, I thought I would just point out the screenshots page, as it gives a bird's-eye view of some rules as well as what an alert might look like were you to get one while running Firekeeper. Note that Firekeeper is a hybrid IDS/IPS in that it alerts you to potential attack attempts, but it also gives you the option to stop the attack, or allow the access if you know it is legitimate. The site also has a test page with toothless exploits which you can click on to see the alerts Firekeeper would generate. Note how many of them are for media players or browser plugins.
Of course, the best solution to dealing with client exploits is to keep the client up to date on all available patches. And since neither an IDS nor patching will help protect you from 0day exploits, it is also advisable to use browsers which don't suffer from frequent 0days, where possible ;).
