Mozilla · Bugzilla · CVE-2003-1044
**Name of the Vulnerable Software and Affected Versions**
Bugzilla versions 2.16.3 and earlier
**Description**
The issue arises in editproducts.cgi when usebuggroups is enabled. It fails to properly remove group add privileges from a group that is being deleted. This allows users with those privileges to perform unauthorized additions to the next group that is assigned with the original group ID.
**Recommendations**
For Bugzilla versions 2.16.3 and earlier, update to a version where this issue is resolved to prevent unauthorized group additions.