Mozilla extends bug bounty program and increases rewards

In honor of the fifteenth anniversary of the Firefox browser, Mozilla announced that it is expanding its bug bounty program to include a number of new sites and services.

In addition, the rewards for some types of bugs were doubled and even tripled.

“Mozilla was one of the first companies to establish a bug bounty program and we continually adjust it so that it stays as relevant now as it always has been. To celebrate the 15 years of the 1.0 release of Firefox, we are making significant enhancements to the web bug bounty program”, — writes Simon Bennetts, Security Automation Engineer at Mozilla.

So, now the following sites and services are included in the bug bounty program:

  1. Autograph – a cryptographic signature service that signs Mozilla products.
  2. Lando – Mozilla’s new automatic code-landing service which allows us to easily commit Phabricator revisions to their destination repository.
  3. Phabricator – a code management tool used for reviewing Firefox code changes.
  4. Taskcluster – the task execution framework that supports Mozilla’s continuous integration and release processes (promoted from core to critical).
  5. Firefox Monitor – a site where you can register your email address so that you can be informed if your account details are part of a data breach.
  6. Localization – a service contributors can use to help localize Mozilla products.
  7. Payment Subscription – a service that is used as the interface in front of the payment provider (Stripe).
  8. Firefox Private Network – a site from which you can download a desktop extension that helps secure and protect your connection everywhere you use Firefox.
  9. Ship It – a system that accepts requests for releases from humans and translates them into information and requests that our Buildbot-based release automation can process.
  10. Speak To Me – Mozilla’s Speech Recognition API.

However, as mentioned above, the changes were not limited to expanding the program: payouts under the Web and Services Bug Bounty program, which covers all the critical, main and other Mozilla sites, have now been doubled. In turn, payouts for remote code execution on critical sites were tripled, up to $15,000.

“The new payouts have already been applied to the most recently reported web bugs”, — reports Simon Bennetts.

It should be noted that despite this “raising of the stakes”, Mozilla's bug bounty program still looks rather modest when compared with competitors. For example, for detecting a critical bug in the new Chromium-based Microsoft Edge, a researcher can get up to $30,000.

James Brown

Technology news writer and part-time security researcher. Author of how-to articles related to Windows computer issue solving.
