Mozilla Offers $5,000 of reward for bypassing Firefox protection

Mozilla announced the expansion of the vulnerability bounty program with a new category. Now researchers will be paid not only for the bugs themselves, but also for techniques to bypass defense mechanisms. In material terms, Mozilla is offering a $5,000 reward for bypassing Firefox protection.

“The Mozilla Client Security Bug Bounty Program is designed to encourage security research in Mozilla software and to reward those who help us create the safest Internet software in existence”, — say Mozilla developers.

Mozilla engineers also write that in the past, bypassing security mechanisms was regarded as a low to medium severity problem. Now, under the new Exploit mitigation bug bounty program, researchers will be able to receive a reward of up to $5,000 for such bugs.

You can earn up to $5,000 by discovering the possibility of bypassing privileged access protection.

“Within Firefox, we have introduced vital security features, exploit mitigations, and defense in depth measures. If you are able to bypass one of these measures, even if you are operating from privileged access within the browser, you are eligible for a bounty”, — explain Mozilla specialists.

However, if a specialist discovers a problem that allows bypassing protection without having high privileges (as a rule, in such cases the talk is about a whole chain of vulnerabilities), he will be able to claim a reward for the vulnerability itself and a fifty percent bonus for bypassing protection.

Mozilla also continues to encourage researchers to test Firefox Nightly, but vulnerabilities found in this version will only be rewarded if they are not noticed by Mozilla developers themselves within four days of posting into the repository a code that contains a bug.

Github’s bounty policy is compatible with Mozilla’s. This means that if you follow both Mozilla’s and Github’s policies, you are eligible to earn a bounty from both.