CVE-2012-2714

Name of the Vulnerable Software and Affected Versions BrowserID (Mozilla Persona) module versions 7.x-1.x before 7.x-1.3 for Drupal

Description The issue allows remote attackers to hijack the authentication of arbitrary users via the audience identifier. This is a problem where an attacker can take control of another user's authentication.

Recommendations For BrowserID (Mozilla Persona) module versions 7.x-1.x before 7.x-1.3, update to version 7.x-1.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the authentication mechanism until the update is applied.