Mozilla expands its bug bounty program..!!

priyanshuit's picture

Back in 2004, the Mozilla Foundation instituted
a bug bounty program that rewarded users who reported critical security
vulnerabilities on the Foundation's software with $500 per bug. Six
years later, the amount received for the reported bugs can reach $3,000 per bug.

Not even five months later, Mozilla has decided to up the ante once again, announcing that the bounty program now includes web application vulnerabilities on the following sites:

  • *
  • aus*

rewards range from $500 dollars for high severity flaws such as
reflected XSS and TLS failure, to $3000 for extraordinary or critical
vulnerabilities such as stored XSS, CSRF, code injection, and
authentication and session management flaws which lead to account

There are only two things that the Mozilla Foundation asks of the people
who plan to search for the vulnerabilities: that they don't use
automatic tools against their web services so that their availability is
not compromised, and that they keep the details of the found bugs to
themselves - after reporting it to Mozilla, of course - for a
"reasonable amount of time" that will allow them to patch the hole
before the flaw is made public.



Post new comment

The content of this field is kept private and will not be shown publicly.
11 + 8 =
Solve this simple math problem and enter the result. E.g. for 1+3, enter 4.

About the Author

priyanshuit's picture


Last Name


Website / Blog

About me
Myself PRIYANSHU. >> Certified Cyber Law Expert >> Certified Cyber Security Expert >> Certified Ethical Hacker >> Working on Cyber Security, Ethical Hacking, Investigation, VAPT, Web Designing. Catch Me On >> Facebook: Twitter: Email:


Recent comments