== Security Compromise ==
When a serious security concern is noticed, such as a major root compromise, it should be treated as a security-sensitive bug, and the a [httphttps://wwwbugzilla.mozilla.org/projects/security/securityenter_bug.cgi?product=NSS&component=CA%20Certificate%20Compliance&groups=crypto-bugscore-policy.html Mozilla Policy for Handling Security Bugs] security secure bug should be followedfiled in Bugzilla].
To report a concern about certificates being issued by a CA in Mozilla's Program: