Home Mozilla Ups Security Bug Bounty to $3,000

Mozilla Ups Security Bug Bounty to $3,000

Mozilla, the organization behind the popular Firefox browser, just announced a major refresh of its security bounty program. When Mozilla instituted this program in 2004, the organization paid security researchers $500 for discovering eligible security bugs. For new bugs, Mozilla will now pay $3,000. The organization cites the fact that “the security environment has changed tremendously” as the main reason for the increase. In addition, Mozilla also clarified that the bounty program includes Firefox, as well as the Thunderbird email client and Mozilla’s mobile products like the newly released Firefox Home tool for the iPhone.

To be eligible for the $3,000 reward, bugs must be original and previously unreported. The security bug must also be a remote exploit and can’t be caused by a third-party plugin or extension.

Bugs can be reported confidentially through Mozilla’s bug tracking software, though Mozilla will also pay when researchers disclose security bugs publicly. The organization, however, encourages researchers to disclose these security issues privately.

Only a few Mozilla products are ineligible for the bounty program. The Mozilla Suite, an all-in-one Internet application suite that resembles the old Netscape Communicator product, isn’t eligible, for example, as Mozilla stopped development on this program in 2008.

$1,337: What Others Pay

A number of other companies have established similar bounty programs. Google, for example, pays $500 for “interesting and original” security vulnerabilities in Chrome and $1,337 for severe bugs. Some researchers, however, have called Google’s $500 bounty “insulting.” When Google established this program, it cited Mozilla’s $500 bounty as the reason for choosing this price, so it will be interesting to see if Google will also bring its bug bounty up to $3,000 as well.

About ReadWrite’s Editorial Process

The ReadWrite Editorial policy involves closely monitoring the tech industry for major developments, new product launches, AI breakthroughs, video game releases and other newsworthy events. Editors assign relevant stories to staff writers or freelance contributors with expertise in each particular topic area. Before publication, articles go through a rigorous round of editing for accuracy, clarity, and to ensure adherence to ReadWrite's style guidelines.

Get the biggest tech headlines of the day delivered to your inbox

    By signing up, you agree to our Terms and Privacy Policy. Unsubscribe anytime.

    Tech News

    Explore the latest in tech with our Tech News. We cut through the noise for concise, relevant updates, keeping you informed about the rapidly evolving tech landscape with curated content that separates signal from noise.

    In-Depth Tech Stories

    Explore tech impact in In-Depth Stories. Narrative data journalism offers comprehensive analyses, revealing stories behind data. Understand industry trends for a deeper perspective on tech's intricate relationships with society.

    Expert Reviews

    Empower decisions with Expert Reviews, merging industry expertise and insightful analysis. Delve into tech intricacies, get the best deals, and stay ahead with our trustworthy guide to navigating the ever-changing tech market.