Source for Mozilla Foundation Security Advisories. http://www.mozilla.org/security/announce/ We strongly advise to get advisory data from CVE services. The data in this repo gets published there automatically.
Advisories are written and assigned as per the process described in the Security/Firefox/Security Bug Life Cycle/Security Advisories wiki page.