tho this is off-topic for this list, it is still a bug that CentOS users along with all users of firefox should be aware of.
due to nature of bug and what is involved, i believe it safer to not go into great details in an open list. never know which ‘hats’ are subscribed to support list. :-D
so my question is just who should i inform of problem?
mozilla.org? author of add-on? cve.mitre.org? all 3?