Mozilla Increases Bounty for Security Bug Info to $3,000

Mave

Mozilla, the organization behind the Firefox Web browser, has upped the amount it will pay security researchers for information on security bugs in its products from US$500 to $3,000.

The change is part of what Mozilla calls a refresh of its Security Bug Bounty Program, which launched in 2004.

"A lot has changed in the six years since the Mozilla program was announced, and we believe that one of the best ways to keep our users safe is to make it economically sustainable for security researchers to do the right thing when disclosing information," wrote Lucas Adamski, director of security engineering, in a blog post.

Mozilla has also expanded the scope of the reward program, which will continue to apply to Firefox and the Thunderbird e-mail client, and also to the Firefox mobile browser and other services the products rely on. Release and beta products are also eligible.

"These are products we have traditionally paid bounties for in a discretionary basis anyway, but we wanted to make that explicit," Adamski wrote.

Mozilla can deny a reward to a researcher, however, if the organization deems the person has not acted in the best interests of users, Adamski wrote.

Other parts of the program will be retained, however. A reward will still be paid even if a researcher has published information on the vulnerability or if the researcher doesn't have time to work closely with Mozilla's security team.

Source: http://news.yahoo.com/s/pcworld/20100716/tc_pcworld/mozillaincreasesbountyforsecuritybuginfoto3000
 
Well no, he'll have $3000 and I wouldn't call that exactly RICH, but he sure could use a bit of money it seems.
 
So FrostBytez has become a security specialist? Because to find a serious security threat you have to be a specialist in fact.
 
He sent them an email and they replied asking for more detail, but they sounded interested in it :tongue:
 
I suppose being "interested" in it is their usual reaction, since they have no idea how bad the bug might be first off, and when it is reported by a person who they don't know, the reporter can have bad intentions or be a psycho like Glo.
 
Will they send the money as a cheque like Google does? Because then you could sell it on eBay to get even more money. Rich people will buy it to show off.
And how much money would you get if you gave the information about a security bug to black hats? Is Mozilla able to keep up with their payment?
 
Andre said:
So FrostBytez has become a security specialist? Because to find a serious security threat you have to be a specialist in fact.

Became? I have been.

I have to maintain a server which worthless people from Cyber-Warrior.org keep trying to hack and take down.

(Not to mention, I'm somewhat of a hacker in XSS / SQL injection :biggrin:)

I've emailed extensive details back to them about the bug/exploit I found in Mozilla Firefox. This exploit will allow any website to remotely access any passwords/visited websites or other type of saved data from your local computer with ZERO consent of the user/victim.

Obviously they've put some interest into what I've reported, otherwise they wouldn't have people researching it right now (told me by email).
Anybody can just say "MOZILLA, FIREFOX CRASH, IT HAVE BUG PLZ GIVE ME MONEY" and they would research it? I think not.
 
FrostBytez said:
Andre said:
So FrostBytez has become a security specialist? Because to find a serious security threat you have to be a specialist in fact.

Became? I have been.

I have to maintain a server which worthless people from Cyber-Warrior.org keep trying to hack and take down.

(Not to mention, I'm somewhat of a hacker in XSS / SQL injection :biggrin:)

How nice for you.
 
Thanks Aman.

Sometimes knowing how to hack prevents less skilled hackers from hacking your e-possessions.

Of course I practiced hacking on my own server, where I was allowed to do so; I tested / found exploits in many various scripts, then reported them to the authors.


On-topic;

I found out that only a very SERIOUS bug can get $3,000; minor bugs will pay less.

E.g. if you report a bug for Firefox crashing when switching tabs very fast, you'll get $300 (example).
E.g. if you report a vulnerability in the coding / program itself of an exploit that may harm the user's computer through the browser, that's $3,000.

I reported a high-risk vulnerability, which means if they deem what I reported 'high risk' then they must pay me :biggrin:
 
FrostBytez. I am just interested: Are you doing this in your free time or is it your "official" job? And did you study something in the university about this and were trained? So are you an official security expert or are you calling yourself one?
This isn't an attack or sarcasm, those are just questions without any intents, because I am interested. Maybe I know more about this business after this, since I don't know how to become a security expert and so and don't know much about this business yet.
 
Remis said:
FrostBytez. I am just interested: Are you doing this in your free time or is it your "official" job? And did you study something in the university about this and were trained? So are you an official security expert or are you calling yourself one?
This isn't an attack or sarcasm, those are just questions without any intents, because I am interested. Maybe I know more about this business after this, since I don't know how to become a security expert and so and don't know much about this business yet.

I wouldn't call this a job, it's just an endeavor to earn some extra money.

I have no degree in security nor has anyone classified me as one, but I'd consider myself one since I maintain maximum security at my server which powerful hackers keep trying to deface or bring down.

I never went to any university or type of school or used any type of tutorial for any of my knowledge on anything, I learn everything myself by just 'trying' it out.

I study a few times every week on new security exploits as well as find some in my server / scripts / etc.
 