CVE-2011-3667

CVE Database · CVE-2011-3667

CVE-2011-3667

· N/AModified

CVSS v3.1

N/A

EPSS

1.07%

Published

Jan 2, 2012

Modified

Apr 28, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The User.offer_account_by_email WebService method in Bugzilla 2.x and 3.x before 3.4.13, 3.5.x and 3.6.x before 3.6.7, 3.7.x and 4.0.x before 4.0.3, and 4.1.x through 4.1.3, when createemailregexp is not empty, does not properly handle user_can_create_account settings, which allows remote attackers to create user accounts by leveraging a token contained in an e-mail message.

Weaknesses (CWE)

CWE-287

Affected Products (160)

mozilla · bugzillavulnerable

References (8)

http://archives.neohapsis.com/archives/bugtraq/2011-12/0184.html

http://www.bugzilla.org/security/3.4.12/

Vendor Advisory

https://bugzilla.mozilla.org/show_bug.cgi?id=711714

https://exchange.xforce.ibmcloud.com/vulnerabilities/72042