I guess what I'm trying to get a handle on is: was https://bugzilla.mozilla.org/show_bug.cgi?id=292691 publicly accessible after it was first submitted? It doesn't seem to be now.
If so, it's no wonder some nefarious person went "ooh, look, a new vulnerability bug report" and made off with it to do all sorts of unpleasant things.
We've seen similar problems with Linux kernel commits as well.
When all development is done in the public eye, you are going to have this problem. I'm not saying public development is a bad thing, but this sort of behaviour is a negative side-effect of it and needs to be handled accordingly.
Copyright © 2018, Eklektix, Inc.