to discover Firefox security holes – and exploit them
tangor
4:51 pm on Sep 5, 2015 (gmt 0)
Hackers have known about unpublicized and unpatched critical security holes in the Firefox web browser for a year or more – all by invading Mozilla's systems.
The Mozilla Foundation admitted on Friday that a privileged account on Firefox's Bugzilla bug-tracking software has been compromised since at least September 2014.
That doesn't bode well for all of the open source advocates who generally have Firefox as the default browser on their privacy/security-focused distros. Hopefully this disclosure will compel Mozilla to take their internal security more seriously.
ken_b
1:03 am on Sep 6, 2015 (gmt 0)
Yeah, not very encouraging news.
tangor
3:08 am on Sep 6, 2015 (gmt 0)
@whoevermod, thanks for the fix up of the topic. Didn't notice the original had exceeded length and ... well... thanks!
Meanwhile, Moz has done some fix-up of the breach, yet there are still 15 that got away, so to speak.
Watch your FF for a bit, as I'm sure this will be fire in the pants to seal these zero-day potentials. And if you are not running NoScript, which will help in this situation, now might be a good time to install it.
bill
12:37 am on Sep 7, 2015 (gmt 0)
@tangor You're welcome ;)
I've been seriously considering running all of my browsers in lightweight VMs to sandbox all this stuff. If even Mozilla can't keep their back end under control then there's not much hope for any of them.
tangor
8:20 am on Sep 18, 2015 (gmt 0)
Wired finally caught up with the news, and added a bit more....
Now, it might not just be Mozilla’s non-public bugs that are under threat. A security company has discovered how to obtain high-level permissions on Bugzilla, the vulnerability database used by Mozilla as well as a host of open-source projects and private businesses. These databases contain all sorts of sensitive information, including details on vulnerabilities that organizations have been told about, but are yet to fix.
Received a FF update yesterday. Since learning news about the upcoming extensions purge, I had my update settings changed from automatic to "Check for updates, but let me choose whether to install them."
So I got the little FF update alert but was busy with a script, so I chose not to install right then. A few moments later an intrusive full-screen notice jumped up warning me that this was a security update that was highly recommended. Since there was no way to close this screen and get back to my script, I chose to update.
Nothing noticeable.
tangor
8:14 am on Oct 16, 2015 (gmt 0)
While happy you had no problems, what you witnessed had nothing to do with the OP. Meanwhile, I had the same update yesterday and put it off, with no problems, until I was done with what I was doing. I.e., clicked past that screen and left it running until I was done and had checked out the value of the update. This one was reasonable, so I allowed it. Otherwise, just close your browser and open it back up. That will kill the "update" if you have not clicked "restart firefox".
keyplyr
8:30 am on Oct 16, 2015 (gmt 0)
what you witnessed had nothing to do with the OP.
It was a security update. The thread is about security, so IMO it did have something to do with the OP.
just close your browser and open it back up. That will kill the "update"
I did not have FF open. As I said, I was working on an app script in a java test bed on my local machine. My BB is always connected, so the update alert.