Mozilla Offers $5,000 Reward for Bypassing Firefox Protection

Mozilla announced the expansion of the vulnerability bounty program with a new category. Now researchers will be paid not only for the bugs themselves, but also for techniques to bypass defense mechanisms. In material terms, Mozilla is offering a $5,000 reward for bypassing Firefox protection.

Let me remind you that despite obvious problems (for example, Microsoft Edge has overtaken Firefox in popularity, and Mozilla has cut some of its employees), the company has recently continued to extend its bug bounty program and increase rewards.

“The Mozilla Client Security Bug Bounty Program is designed to encourage security research in Mozilla software and to reward those who help us create the safest Internet software in existence,” say Mozilla developers.

Mozilla engineers also write that in the past, bypassing security mechanisms was regarded as a low to medium severity problem. Now, under the new Exploit mitigation bug bounty program, researchers will be able to receive a reward of up to $5,000 for such bugs.

You can earn up to $5,000 by discovering the possibility of bypassing privileged access protection.

“Within Firefox, we have introduced vital security features, exploit mitigations, and defense in depth measures. If you are able to bypass one of these measures, even if you are operating from privileged access within the browser, you are eligible for a bounty,” explain Mozilla specialists.

However, if a specialist discovers a problem that allows bypassing protection without having high privileges (as a rule, such cases involve a whole chain of vulnerabilities), they will be able to claim a reward for the vulnerability itself and a fifty percent bonus for bypassing protection.

Mozilla also continues to encourage researchers to test Firefox Nightly, but vulnerabilities found in this version will only be rewarded if Mozilla developers do not notice them on their own within four days of the code containing the bug being posted to the repository.

GitHub’s bounty policy is compatible with Mozilla’s. This means that if you follow both Mozilla’s and GitHub’s policies, you are eligible to earn a bounty from both.


Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.
