This module enables sites to automatically detect and set user timezones via JavaScript.
The module does not sufficiently protect against Cross-Site Request Forgery (CSRF): an attacker could use this vulnerability to manipulate a userβs timezone setting. The security implication of this issue depends on the site. It can range from minor annoyance to some level of a bigger bug on a site that relies on the timezone for some more important purpose.
Drupal core is not affected. If you do not use the contributed Timezone Detect module, there is nothing you need to do.
Install the latest version:
Also see the Timezone Detect project page.
cve.mitre.org/
twitter.com/drupalsecurity
www.drupal.org/contact
www.drupal.org/project/timezone_detect
www.drupal.org/project/timezone_detect/releases/7.x-1.2
www.drupal.org/security-team
www.drupal.org/security-team/risk-levels
www.drupal.org/security/secure-configuration
www.drupal.org/u/greggles
www.drupal.org/u/jordanmagnuson
www.drupal.org/writing-secure-code