Comment 1 for bug 1174499

This is definitely a good strengthening action, but I don't think it qualifies as a vulnerability. MD5 is weaker than other hashing schemes, but practical collisions are still a bit hard to do, especially when you don't control the entirety of the cleartext.

If nobody complains, I'll open this bug and tag it "security" so that it gets wider attention, but it would not get an embargo or an OSSA.