It has long been known inside the security community that Mozilla pays out a nice sum to those who find serious vulnerabilities in the Firefox web browser. Now Mozilla has stepped it up and raised the bounty from $500 to $3000. Mozilla has also extended the reward to the new Firefox Mobile line, the Thunderbird email client, and other new products.
To become eligible for the bounty, security experts and “ethical” hackers must find a new and unique, or previously unknown, security vulnerability. Below are the guidelines for the bug bounty.
- Security bug must be original and previously unreported.
- Security bug must be a remote exploit.
- Security bug is present in the most recent supported, beta or release candidate version of Firefox, Thunderbird, Firefox Mobile, or in Mozilla services which could compromise users of those products, as released by Mozilla Corporation or Mozilla Messaging.
- Security bugs in or caused by additional 3rd-party software (e.g. plugins, extensions) are excluded from the Bug Bounty program.
- Submitter must not be the author of the buggy code nor otherwise involved in its contribution to the Mozilla project (such as by providing check-in reviews).
- Employees of the Mozilla Foundation and its subsidiaries are ineligible.
Mozilla started their bounty program back in 200, and the six years since then have brought a lot of change in the security community. “A lot has changed in the six years since the Mozilla program was announced, and we believe that one of the best ways to keep our users safe is to make it economically sustainable for security researchers to do the right thing when disclosing information,” wrote the company’s Lucas Adamski.
You can read more at Mozilla’s blog.
[via Mozilla]
5 Responses to Mozilla Ups Bug Bounty to $3,000
Hey, there is a mistake in your post in the last para:
“Mozilla started their bounty program back in 200, since then six years has brought a lot ”
It should be 2000.
Will I get some bounty for this??? :)
Blog is good if you could remove the misleading ads, like the Gmail inbox ads and the download now button ad. Don't you have any other way to make money rather than misleading people and making them click?