Mozilla extends bug bounty program and increases rewards

In honor of the fifteenth anniversary of the Firefox browser, Mozilla announced that it is expanding its bug bounty program to include a number of new sites and services.

“Mozilla was one of the first companies to establish a bug bounty program and we continually adjust it so that it stays as relevant now as it always has been. To celebrate the 15 years of the 1.0 release of Firefox, we are making significant enhancements to the web bug bounty program”, — writes Simon Bennetts, Security Automation Engineer at Mozilla.

So, now the following sites and services are included in the bug bounty program:

1. Autograph – a cryptographic signature service that signs Mozilla products.
2. Lando – Mozilla’s new automatic code-landing service which allows us to easily commit Phabricator revisions to their destination repository.
3. Phabricator – a code management tool used for reviewing Firefox code changes.
4. Taskcluster – the task execution framework that supports Mozilla’s continuous integration and release processes (promoted from core to critical).
5. Firefox Monitor – a site where you can register your email address so that you can be informed if your account details are part of a data breach.
6. Localization – a service contributors can use to help localize Mozilla products.
7. Payment Subscription – a service that is used as the interface in front of the payment provide (Stripe).
8. Firefox Private Network – a site from which you can download a desktop extension that helps secure and protect your connection everywhere you use Firefox.
9. Ship It – a system that accepts requests for releases from humans and translates them into information and requests that our Buildbot-based release automation can process.
10. Speak To Me – Mozilla’s Speech Recognition API.

Read also: APT33 Iranian group created its own VPN-network, but this only deteriorated privacy

However, as mentioned above, the matter was not limited to simple expansion of the program, as also have doubled now payments for the Web and Services Bug Bounty program, which includes all the critical, main and other Mozilla sites. In turn, payments for remote code execution on critical sites were immediately tripled – up to $ 15,000.

“The new payouts have already been applied to the most recently reported web bugs”, — reports Simon Bennetts.