editproducts.cgi in Bugzilla 2.16.3 and earlier, when usebuggroups is enabled, does not properly remove group add privileges from a group that is being deleted, which allows users with those privileges to perform unauthorized additions to the next group that is assigned with the original group ID.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Bugzilla | Mozilla | 2.4 | 2.4 |
| Bugzilla | Mozilla | 2.6 | 2.6 |
| Bugzilla | Mozilla | 2.8 | 2.8 |
| Bugzilla | Mozilla | 2.10 | 2.10 |
| Bugzilla | Mozilla | 2.12 | 2.12 |
| Bugzilla | Mozilla | 2.14 | 2.14 |
| Bugzilla | Mozilla | 2.14.1 | 2.14.1 |
| Bugzilla | Mozilla | 2.14.2 | 2.14.2 |
| Bugzilla | Mozilla | 2.14.3 | 2.14.3 |
| Bugzilla | Mozilla | 2.14.4 | 2.14.4 |
| Bugzilla | Mozilla | 2.14.5 | 2.14.5 |
| Bugzilla | Mozilla | 2.16 | 2.16 |
| Bugzilla | Mozilla | 2.16.1 | 2.16.1 |
| Bugzilla | Mozilla | 2.16.2 | 2.16.2 |
| Bugzilla | Mozilla | 2.16.3 | 2.16.3 |
| Bugzilla | Mozilla | 2.17.1 | 2.17.1 |
| Bugzilla | Mozilla | 2.17.3 | 2.17.3 |
| Bugzilla | Mozilla | 2.17.4 | 2.17.4 |