Mozilla expands its bug bounty program
Posted on 16 December 2010.
Back in 2004, the Mozilla Foundation instituted a bug bounty program that rewarded users who reported critical security vulnerabilities in the Foundation's software with $500 per bug. Six years later, the reward for a reported bug can reach $3,000.

Not even five months later, Mozilla has decided to up the ante once again, announcing that the bounty program now includes web application vulnerabilities on the following sites:
  • bugzilla.mozilla.org
  • *.services.mozilla.com
  • getpersonas.com
  • aus*.mozilla.org
  • www.mozilla.com/org
  • www.firefox.com
  • www.getfirefox.com
  • addons.mozilla.org
  • services.addons.mozilla.org
  • versioncheck.addons.mozilla.org
  • pfs.mozilla.org
  • download.mozilla.org.
The rewards range from $500 for high severity flaws such as reflected XSS and TLS failure, to $3,000 for extraordinary or critical vulnerabilities such as stored XSS, CSRF, code injection, and authentication and session management flaws which lead to account compromise.

The Mozilla Foundation asks only two things of the people who plan to search for vulnerabilities: that they don't use automatic tools against Mozilla's web services, so that the availability of those services is not compromised, and that they keep the details of the bugs they find to themselves (after reporting them to Mozilla, of course) for a "reasonable amount of time" that will allow Mozilla to patch the hole before the flaw is made public.






Copyright 1998-2014 by Help Net Security.