If you discover an add-on security vulnerability, even if the add-on is not hosted on a Mozilla site, please notify us. We will work with the developer to correct the issue. Please report security vulnerabilities confidentially in Bugzilla or by emailing firstname.lastname@example.org.
Bugs on addons.mozilla.org (AMO) If you find a problem with the site, we'd love to fix it. Please file a bug report and include as much detail as possible.