diff --git a/mozilla/webtools/bugzilla/.bzrrev b/mozilla/webtools/bugzilla/.bzrrev
index 4f7a42dd9eb..5e5c79649eb 100644
--- a/mozilla/webtools/bugzilla/.bzrrev
+++ b/mozilla/webtools/bugzilla/.bzrrev
@@ -1 +1 @@
-8574
\ No newline at end of file
+8575
\ No newline at end of file
diff --git a/mozilla/webtools/bugzilla/Bugzilla/Bug.pm b/mozilla/webtools/bugzilla/Bugzilla/Bug.pm
index 547e35fa7fa..5069214ba07 100644
--- a/mozilla/webtools/bugzilla/Bugzilla/Bug.pm
+++ b/mozilla/webtools/bugzilla/Bugzilla/Bug.pm
@@ -4085,8 +4085,8 @@ sub check_can_change_field {
         return 1;
     }
 
-    # Allow anyone to change comments.
-    if ($field =~ /^longdesc/) {
+    # Allow anyone to change comments, or set flags
+    if ($field =~ /^longdesc/ || $field eq 'flagtypes.name') {
         return 1;
     }
 
diff --git a/mozilla/webtools/bugzilla/Bugzilla/Flag.pm b/mozilla/webtools/bugzilla/Bugzilla/Flag.pm
index 3660e2a7f14..98029a1b14c 100644
--- a/mozilla/webtools/bugzilla/Bugzilla/Flag.pm
+++ b/mozilla/webtools/bugzilla/Bugzilla/Flag.pm
@@ -294,6 +294,12 @@ sub set_flag {
         ThrowCodeError('flag_unexpected_object', { 'caller' => ref $obj });
     }
 
+    # Make sure the user can change flags
+    my $privs;
+    $bug->check_can_change_field('flagtypes.name', 0, 1, \$privs)
+        || ThrowUserError('illegal_change',
+                          { field => 'flagtypes.name', privs => $privs });
+
     # Update (or delete) an existing flag.
     if ($params->{id}) {
         my $flag = $class->check({ id => $params->{id} });
diff --git a/mozilla/webtools/bugzilla/template/en/default/flag/list.html.tmpl b/mozilla/webtools/bugzilla/template/en/default/flag/list.html.tmpl
index 88486c7f67f..7a3f88fc5d1 100644
--- a/mozilla/webtools/bugzilla/template/en/default/flag/list.html.tmpl
+++ b/mozilla/webtools/bugzilla/template/en/default/flag/list.html.tmpl
@@ -6,7 +6,7 @@
   # defined by the Mozilla Public License, v. 2.0.
   #%]
 
-[% IF user.id AND !read_only_flags %]
+[% IF user.id && !read_only_flags && bug.check_can_change_field('flagtypes.name', 0, 1) %]
 
 [%# We list flags by looping twice over the flag types relevant for the bug.
   # In the first loop, we display existing flags and then, for active types,