
Mozilla doesn't care for upstream security fixes, and doesn't send fixes upstream - protomyth
http://seclists.org/fulldisclosure/2016/May/2
======
dozzie
I wouldn't care as well. The attack vector is far from being obvious with this
description, when the user needs to download a bunch of files along with the
installer to be "hacked".

