Mozilla Critical Services disclosed a bug submitted by 0x90security: https://hackerone.com/reports/2255750 [Source]