Drupal BrowserID (Mozilla Persona) Module Multiple Security Vulnerabilities

The BrowserID (Mozilla Persona) module for Drupal is prone to a cross-site request-forgery vulnerability and a security-bypass vulnerability.

Attackers can exploit these issues to bypass security restrictions to obtain sensitive information or to perform unauthorized actions and gain access to the affected application; this may aid in launching further attacks.

BrowserID (Mozilla Persona) 7.x-1.x versions prior to 7.x-1.3 are vulnerable.


Privacy Statement
Copyright 2010, SecurityFocus