CVE-2013-4227

Name of the Vulnerable Software and Affected Versions: Mozilla Persona module versions 7.x-1.x through 7.x-1.10

Description: A cross-site request forgery (CSRF) issue exists in the persona xsrf token function within the persona.module of the Mozilla Persona module for Drupal. This allows remote attackers to hijack the authentication of arbitrary users via a security token that is not a string data type.

Recommendations: For Mozilla Persona module versions 7.x-1.x through 7.x-1.10, update to version 7.x-1.11 or later to resolve the issue. As a temporary workaround, consider disabling the persona xsrf token function until a patch is available. Restrict access to the persona.module to minimize the risk of exploitation. Avoid using the security token in a non-string data type in the affected module until the issue is resolved.