MidnightBSD

Advisories for browserid_project

CVE-2012-2713 MEDIUM

Cross-site request forgery (CSRF) vulnerability in the BrowserID (Mozilla Persona) module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that login a user to another web site.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
browserid_project browserid 7.x-1.2
browserid_project browserid 7.x-1.1