The hackers, who claimed to know 30 other Firefox exploits, were asked to report the weaknesses to Mozilla and even to claim the $500 bounties on exploits, but they declined, saying that they would do more good creating a network for black hats.
The fly in the mustard is that one of these guys works for Six Apart, the blog company that makes Movable Type, TypePad, Vox, and LiveJournal. Something like this makes or breaks a company's reputation. Right now I say that it looks really bad on Six Apart. Your company should have a policy that all found critical security exploits are handled in a responsible manner as a term of employment.