
Mozilla can still give access to the developers of forks without opening it to the public before they (and the forks!) have managed to roll out a full update.



Anyone can run a fork, though; I might be running my personal fork right now. This is part of the point of free software.

Plus, you assume that the select few developers that are given the exploit information are trustworthy. The exploit being public from the first day is better than if even a single developer is untrustworthy or compromised.


I don't understand this logic. It's better to have everyone see it and to guarantee it is seen by a malicious actor, instead of only a small few seeing it and there being some small potential for it to be seen by a malicious actor?


It will be seen by a malicious actor anyway after the fix is released. The difference is that there will be more time for a malicious actor to act against a fork if an embargo is applied.



