Mozilla expands its bug bounty program
Posted on 16 December 2010.
Back in 2004, the Mozilla Foundation instituted a bug bounty program that rewarded users who reported critical security vulnerabilities in the Foundation's software with $500 per bug. Six years later, the reward for a reported bug can reach $3,000.

Not even five months later, Mozilla has decided to up the ante once again, announcing that the bounty program now includes web application vulnerabilities on the following sites:
  • bugzilla.mozilla.org
  • *.services.mozilla.com
  • getpersonas.com
  • aus*.mozilla.org
  • www.mozilla.com/org
  • www.firefox.com
  • www.getfirefox.com
  • addons.mozilla.org
  • services.addons.mozilla.org
  • versioncheck.addons.mozilla.org
  • pfs.mozilla.org
  • download.mozilla.org.
The rewards range from $500 for high severity flaws such as reflected XSS and TLS failure, to $3,000 for extraordinary or critical vulnerabilities such as stored XSS, CSRF, code injection, and authentication and session management flaws that lead to account compromise.

The Mozilla Foundation asks only two things of people who plan to search for vulnerabilities: that they don't use automatic tools against its web services, so that the services' availability is not compromised, and that, after reporting the bugs to Mozilla, they keep the details to themselves for a "reasonable amount of time" that will allow Mozilla to patch the hole before the flaw is made public.
Copyright 1998-2015 by Help Net Security.