Mozilla Changes Security Bug Bounty Program

By on July 19, 2010

Devs to pay $3000 for every critical bug filed.

Mozilla announced a refresh of its security bug bounty program, which will now offer $3000 to those who find and report bugs in Firefox, Firefox Mobile, and Thunderbird. A bug is eligible if it is critical and is considered to be original, remote, reproducible, and “allows execution of arbitrary code on users’ systems, while high security bugs allow access to users’ confidential information”.

A lot has changed in the 6 years since the Mozilla program was announced, and we believe that one of the best ways to keep our users safe is to make it economically sustainable for security researchers to do the right thing when disclosing information.

We have also clarified the products covered under the bounty to better reflect the threats we are focused upon. We still include Firefox and Thunderbird obviously, but we also added Firefox Mobile and any Mozilla services that those products rely upon for safe operation. These are products we have traditionally paid bounties for on a discretionary basis anyway, but we wanted to make that explicit. Release and beta versions of those products are eligible. Mozilla Suite bugs, however, are no longer eligible, as it is not an officially released nor supported Mozilla product.

You can read more about the bug bounty program here. There is also a FAQ.

Source: Mozilla.


Mufaddal Fakhruddin is the Editor for IGN ME and thinks writing in third person about himself in an about me section is weird.
