2 matches found
CVE-2012-2714
The CVE-2012-2714 entry concerns the Drupal BrowserID (Mozilla Persona) module for Drupal 7.x-1.x, vulnerable before 7.x-1.3. The underlying issue is insufficient validation of authentication requests, allowing remote attackers to hijack arbitrary user authentication via the audience identifier. ...
CVE-2012-2713
The Drupal 7.x BrowserID (Mozilla Persona) module (7.x-1.x) is affected by a CSRF vulnerability that could allow an attacker to hijack a user’s authentication when logging into another site. The issue arises from insufficient validation of authentication requests. It is fixed in BrowserID 7.x-1.3...