CVE-2011-3667

N/A Unknown
Published: January 02, 2012 Modified: April 29, 2026
View on NVD

Description

The User.offer_account_by_email WebService method in Bugzilla 2.x and 3.x before 3.4.13, 3.5.x and 3.6.x before 3.6.7, 3.7.x and 4.0.x before 4.0.3, and 4.1.x through 4.1.3, when createemailregexp is not empty, does not properly handle user_can_create_account settings, which allows remote attackers to create user accounts by leveraging a token contained in an e-mail message.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://archives.neohapsis.com/archives/bugtraq/2011-12/0184.html
Source: cve@mitre.org
http://www.bugzilla.org/security/3.4.12/
Source: cve@mitre.org
Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=711714
Source: cve@mitre.org
https://exchange.xforce.ibmcloud.com/vulnerabilities/72042
Source: cve@mitre.org
http://archives.neohapsis.com/archives/bugtraq/2011-12/0184.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.bugzilla.org/security/3.4.12/
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=711714
Source: af854a3a-2127-422b-91ae-364da2661108
https://exchange.xforce.ibmcloud.com/vulnerabilities/72042
Source: af854a3a-2127-422b-91ae-364da2661108

8 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
1.1%
61th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-287

Affected Vendors

mozilla

Related CVEs

CVE-2026-9677 N/A
CVE-2026-13245 6.1
CVE-2026-12404 5.3
CVE-2026-10820 N/A
CVE-2026-12415 9.8