News

Mozilla extends bug bounty program and increases rewards

In honor of the fifteenth anniversary of the Firefox browser, Mozilla announced that it is expanding its bug bounty program to include a number of new sites and services.

In addition, the amount of rewards for some types of bugs was doubled and even tripled.

Mozilla was one of the first companies to establish a bug bounty program and we continually adjust it so that it stays as relevant now as it always has been. To celebrate the 15 years of the 1.0 release of Firefox, we are making significant enhancements to the web bug bounty program”, — writes Simon Bennetts, Security Automation Engineer at Mozilla.

So, now the following sites and services are included in the bug bounty program:

  1. Autograph – a cryptographic signature service that signs Mozilla products.
  2. Lando – Mozilla’s new automatic code-landing service which allows us to easily commit Phabricator revisions to their destination repository.
  3. Phabricator – a code management tool used for reviewing Firefox code changes.
  4. Taskcluster – the task execution framework that supports Mozilla’s continuous integration and release processes (promoted from core to critical).
  5. Firefox Monitor – a site where you can register your email address so that you can be informed if your account details are part of a data breach.
  6. Localization – a service contributors can use to help localize Mozilla products.
  7. Payment Subscription – a service that is used as the interface in front of the payment provide (Stripe).
  8. Firefox Private Network – a site from which you can download a desktop extension that helps secure and protect your connection everywhere you use Firefox.
  9. Ship It – a system that accepts requests for releases from humans and translates them into information and requests that our Buildbot-based release automation can process.
  10. Speak To Me – Mozilla’s Speech Recognition API.
Simon Bennetts

Read also: APT33 Iranian group created its own VPN-network, but this only deteriorated privacy

However, as mentioned above, the matter was not limited to simple expansion of the program, as also have doubled now payments for the Web and Services Bug Bounty program, which includes all the critical, main and other Mozilla sites. In turn, payments for remote code execution on critical sites were immediately tripled – up to $ 15,000.

“The new payouts have already been applied to the most recently reported web bugs”, — reports Simon Bennetts.

It should be noted that despite such “raising of bets”, bug bounty program in Mozilla still looks rather modest when compared with competitors. For example, for detecting a critical bug in the new Chromium-based <b<Microsoft Edge, researcher can get up to $ 30,000.
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)
James Brown

Technology news writer and part-time security researcher. Author of how-to articles related to Windows computer issue solving.

Recent Posts

Remove Kurlibat.xyz pop-up ads (Virus Removal Guide)

Kurlibat.xyz is a site that tries to trick you into clik to its browser notifications…

7 hours ago

Remove Initiateintenselyrenewedthe-file.top pop-up ads (Virus Removal Guide)

Initiateintenselyrenewedthe-file.top is a domain that tries to trick you into clik to its browser notifications…

7 hours ago

Remove Wotigorn.xyz pop-up ads (Virus Removal Guide)

Wotigorn.xyz is a site that tries to force you into subscribing to its browser notifications…

7 hours ago

Remove Initiateintenselyprogressivethe-file.top pop-up ads (Virus Removal Guide)

Initiateintenselyprogressivethe-file.top is a domain that tries to force you into clik to its browser notifications…

7 hours ago

Remove Nuesobatoxylors.co.in pop-up ads (Virus Removal Guide)

Nuesobatoxylors.co.in is a domain that tries to trick you into subscribing to its browser notifications…

11 hours ago

Remove Helistym.xyz pop-up ads (Virus Removal Guide)

Helistym.xyz is a site that tries to force you into clik to its browser notifications…

11 hours ago