It has been long known inside the security experts and hackers community that Mozilla rewards a great sum to those that discover serious bugs/vulnerabilities in the Firefox web browser. And now Mozilla has updated their security bounty program to better support, and has increased the bounty from $500 to $3000. Begin from July 1, 2010, eligible security vulnerabilities that are approved by Mozilla will be paid out with a $3,000 US. The company has also extended the bounty to the new Firefox Mobile, Thunderbird email client, and other company’ products.
To be qualified for the the reward, security experts and hackers have to find a new, original and unique, or a previously unreported security vulnerability. Following are the criteria for eligible bugs :
- Security bug must be original and previously unreported.
- Security bug must be a remote exploit.
- Security bug is present in the most recent supported, beta or release candidate version of Firefox, Thunderbird, Firefox Mobile, or in Mozilla services which could compromise users of those products, as released by Mozilla Corporation or Mozilla Messaging.
- Security bugs in or caused by additional 3rd-party software (e.g. plugins, extensions) are excluded from the Bug Bounty program.
- Submitter must not be the author of the buggy code nor otherwise involved in its contribution to the Mozilla project (such as by providing check-in reviews).
- Employees of the Mozilla Foundation and its subsidiaries are ineligible.
For more details, you could read more at Mozilla’s blog.
