The only additional information on that mozilla link is that the issue is "fixed in Firefox 67.0.3 and Firefox ESR 60.7.1". The only information about affected versions is that an unspecified set of "Firefox, Firefox ESR" are vulnerable.

The report doesn't include anything about which version introduced the bug. Is this a recent bug, or has it been around for many years? If it's old, is there any information available that might indicate how long malicious actors have been exploiting this vulnerability? Apparently the answer to the last question is "yes", as Mozilla claims that "We are aware of targeted attacks in the wild abusing this flaw." For how long? How many people might be affected?; "targeted" could mean a single individual or a very large group with some specifically targetable attribute.

There is a lot more to security than "just upgrade to the latest release". Also, while fears about public malicious actors learning from disclosure rarely outweigh the important benefits gained by allowing the public to defend themselves and learn form the incident, in this particular case where malicious actors are already exploiting the bug in the wild, there is little to be gained by keeping information hidden from the public.

What right would the Firefox team have to invade the privacy of the "target" to detail who they are to the Internet as a whole?

HN users frequently complain that "automatically check for updates" is somehow an invasion of privacy. Meeting your demand, revealing the target of an attack publicly, would certainly be an invasion of privacy — one a thousand times more trust-violating than any auto-update check could be.

What of your needs is met by making such a request? What is your direct and personal benefit from knowing the target of the attack? Why are you willing to sacrifice the privacy of that target for that personal benefit?

What about mobile versions? What about Beta, Developer, Nightly versions?

Firefox app on my Android phone was updated yesterday to 67.0.3, and the release notes mention the security fix.

There's more than one mobile version.

Latest Android Nightly build is 68.0a1 from 2019-05-04.

Latest Android Beta build is 68.0beta, from May 21, 2019 (actually from APK name it's 68.0b11).

Latest iOS Release build is 16.0, from April 15, 2019.

By the way, latest Desktop Beta build is 68.0beta, from May 22, 2019, and latest Desktop Nightly build is 69.0a1, from May 20, 2019 - and there's no information about whether they affected too.

The iOS version should be unaffected, as Firefox for iOS does not include its own JS engine (it uses the one provided by the system), which is where this vulnerability is.

For the Desktop version at least, if you download the current beta (68.0beta11), you'll notice that it was built two days ago. The latest nightly was built today. The changelog for these is just not kept up to date.