I can't see all the browser vendors being complicit in what would essentially be a cover-up just to make the internet look good.
And anyway, they didn't cover it up, they just waited for the patch. But they checked it in to the public repos days ago, so they weren't trying to hide it from the attacker, just keep it low profile. That doesn't make sense for this type of vulnerability, unless there is something interesting we don't know about.
My best guess is that we are waiting for audits of the target sites to finish, and I guess addons.mozilla.com is already done.
And anyway, they didn't cover it up, they just waited for the patch. But they checked it in to the public repos days ago, so they weren't trying to hide it from the attacker, just keep it low profile. That doesn't make sense for this type of vulnerability, unless there is something interesting we don't know about.
My best guess is that we are waiting for audits of the target sites to finish, and I guess addons.mozilla.com is already done.
EDIT: Nevermind, here is the list of affected sites: http://www.microsoft.com/technet/security/advisory/2524375.m...