In response to notification by a security researcher, Mozilla discovered earlier this month that one of their databases, containing 44,000 inactive accounts that used older, MD5-based password hashes, had been mistakenly left on a public server. The users who were impacted were sent email notifications, and the risk is thought to be minimal, but just in case you have an old Mozilla account and haven’t logged on since April 9, 2009, and have changed your email address since then so that you might not get the notice, it’s something to be aware of.
Read more here:
http://blog.mozilla.com/security/2010/12/27/addons-mozilla-org-disclosure/