Mozilla to pay up to $10,000 for security bug reports

Mozilla has announced an important update to its Client Bug Bounty Program, which aims to attract white hat hackers to look into Mozilla code, detect vulnerabilities, create exploit cases and report them to Mozilla so they can be fixed before they cause any harm to users.

The program, which is in part responsible for Mozilla’s great response time to security vulnerabilities, has been a success so far, having paid out about $1.6 million since its inception several years ago.

Mozilla’s new maximum award has been set to $10,000 (up from $3,000), and moderate vulnerabilities may now be worth a reward. This is the summary of awards:

Novel vulnerability and exploit, new form of exploitation or an exceptional vulnerability: $10,000+
High quality bug report with clearly exploitable critical vulnerability: $7,500
High quality bug report of a critical or high vulnerability: $5,000
Minimum for a high or critical vulnerability: $3,000
Medium vulnerability: $500 – $2500

This will make Mozilla more competitive, especially compared to Google, which currently pays up to $15,000 for a similar catch in Google Chrome.