Mozilla has a well-defined process for handling security vulnerabilities based around responsible disclosure.

If you believe you have found a Remote Settings related security vulnerability, you should visit the Mozilla bug bounty program for information on how to submit them.