Home / News / Mozilla extends bug bounty program and increases rewards

Mozilla extends bug bounty program and increases rewards

In honor of the fifteenth anniversary of the Firefox browser, Mozilla announced that it is expanding its bug bounty program to include a number of new sites and services.

In addition, the amount of rewards for some types of bugs was doubled and even tripled.

Mozilla was one of the first companies to establish a bug bounty program and we continually adjust it so that it stays as relevant now as it always has been. To celebrate the 15 years of the 1.0 release of Firefox, we are making significant enhancements to the web bug bounty program”, — writes Simon Bennetts, Security Automation Engineer at Mozilla.

So, now the following sites and services are included in the bug bounty program:

  1. Autograph – a cryptographic signature service that signs Mozilla products.
  2. Lando – Mozilla’s new automatic code-landing service which allows us to easily commit Phabricator revisions to their destination repository.
  3. Phabricator – a code management tool used for reviewing Firefox code changes.
  4. Taskcluster – the task execution framework that supports Mozilla’s continuous integration and release processes (promoted from core to critical).
  5. Firefox Monitor – a site where you can register your email address so that you can be informed if your account details are part of a data breach.
  6. Localization – a service contributors can use to help localize Mozilla products.
  7. Payment Subscription – a service that is used as the interface in front of the payment provide (Stripe).
  8. Firefox Private Network – a site from which you can download a desktop extension that helps secure and protect your connection everywhere you use Firefox.
  9. Ship It – a system that accepts requests for releases from humans and translates them into information and requests that our Buildbot-based release automation can process.
  10. Speak To Me – Mozilla’s Speech Recognition API.
Simon Bennetts
Simon Bennetts

Read also: APT33 Iranian group created its own VPN-network, but this only deteriorated privacy

However, as mentioned above, the matter was not limited to simple expansion of the program, as also have doubled now payments for the Web and Services Bug Bounty program, which includes all the critical, main and other Mozilla sites. In turn, payments for remote code execution on critical sites were immediately tripled – up to $ 15,000.

“The new payouts have already been applied to the most recently reported web bugs”, — reports Simon Bennetts.

It should be noted that despite such “raising of bets”, bug bounty program in Mozilla still looks rather modest when compared with competitors. For example, for detecting a critical bug in the new Chromium-based <b<Microsoft Edge, researcher can get up to $ 30,000.
[Total: 0    Average: 0/5]
Sending
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

About Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Check Also

Iranian hackers use ZeroCleare

Iranian hackers used new ZeroCleare malware

IBM experts have revealed a new malware ZeroCleare, which created and used Iranian hackers. ZeroCleare …

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.