Mozilla’s security chief has stepped into the debate about the
disclosure of security bugs by saying that software developers are at
the mercy of bug hunters.

Mozilla security chief Window Snyder called on security researchers
to follow responsible disclosure guidelines, giving vendors a
reasonable amount of time to fix bugs before making them public. As
things stand, bug hunters have the whip hand, she argued.

http://www.theregister.com/2007/03/26/mozilla_full_disclosure/