The bug is marked "Fix Released" because a bug against a source package always targets the latest development series (in this case 19.10, where the bug is indeed fixed).
This doesn't mean the supported releases are being treated as second-class citizens. The updates will be available to everyone very soon.
While this is indeed a critical bug, it has largely been mitigated by Mozilla issuing a new certificate through Normandy, which is enabled by default in Ubuntu packages. So unless users have forcefully disabled Normandy, they shouldn't be affected by the bug anymore.
The bug is marked "Fix Released" because a bug against a source package always targets the latest development series (in this case 19.10, where the bug is indeed fixed).
This doesn't mean the supported releases are being treated as second-class citizens. The updates will be available to everyone very soon.
While this is indeed a critical bug, it has largely been mitigated by Mozilla issuing a new certificate through Normandy, which is enabled by default in Ubuntu packages. So unless users have forcefully disabled Normandy, they shouldn't be affected by the bug anymore.