Devs to pay $3000 for every critical bug filed.
Mozilla announced a refresh of its security bug bounty program, which will now offer $3000 to those who find and report bugs in Firefox, Firefox Mobile, and Thunderbird. A bug is eligible if it is critical and is considered to be original, remote, reproducible, and one that “allows execution of arbitrary code on users’ systems, while high security bugs allow access to users’ confidential information”.
A lot has changed in the 6 years since the Mozilla program was announced, and we believe that one of the best ways to keep our users safe is to make it economically sustainable for security researchers to do the right thing when disclosing information.
We have also clarified the products covered under the bounty to better reflect the threats we are focused upon. We still include Firefox and Thunderbird obviously, but we also added Firefox Mobile and any Mozilla services that those products rely upon for safe operation. These are products we have traditionally paid bounties for on a discretionary basis anyway, but we wanted to make that explicit. Release and beta versions of those products are eligible. Mozilla Suite bugs, however, are no longer eligible, as it is not an officially released nor supported Mozilla product.
You can read more about the bug bounty program here. There is also a FAQ.