Mozilla expands its bug bounty program
Posted on 16 December 2010.
Back in 2004, the Mozilla Foundation instituted a bug bounty program that rewarded users who reported critical security vulnerabilities in the Foundation's software with $500 per bug. Six years later, the reward for a reported bug can reach $3,000.

Not even five months later, Mozilla has decided to up the ante once again, announcing that the bounty program now includes web application vulnerabilities on the following sites:
  • bugzilla.mozilla.org
  • *.services.mozilla.com
  • getpersonas.com
  • aus*.mozilla.org
  • www.mozilla.com/org
  • www.firefox.com
  • www.getfirefox.com
  • addons.mozilla.org
  • services.addons.mozilla.org
  • versioncheck.addons.mozilla.org
  • pfs.mozilla.org
  • download.mozilla.org.
The rewards range from $500 for high severity flaws such as reflected XSS and TLS failure, to $3,000 for extraordinary or critical vulnerabilities such as stored XSS, CSRF, code injection, and authentication and session management flaws that lead to account compromise.

There are only two things that the Mozilla Foundation asks of the people who plan to search for the vulnerabilities: that they don't use automatic tools against its web services, so that the services' availability is not compromised, and that they keep the details of the bugs they find to themselves (after reporting them to Mozilla, of course) for a "reasonable amount of time" that will allow Mozilla to patch the hole before the flaw is made public.






COPYRIGHT 1998-2014 BY HELP NET SECURITY.