The Mozilla Security Bug Bounty Program originally launched back in 2004. When it was first announced the programs reward for bugs was limited to just $500. Today several other companies, including Google have launched similar programs offering up more and more money for users that can find critical holes in their web browsers.
Eligible security vulnerabilities must be remotely exploitable (over the web or a local network) and not previously have been publicly documented.
Reward Guidelines
The bounty will be awarded for sg:critical and sg:high severity security bugs that meet the following criteria:- Security bug must be original and previously unreported.
- Security bug must be a remote exploit.
- Security bug is present in the most recent supported, beta or release candidate version of Firefox, Thunderbird, Firefox Mobile, or in Mozilla services which could compromise users of those products, as released by Mozilla Corporation or Mozilla Messaging.
- Security bugs in or caused by additional 3rd-party software (e.g. plugins, extensions) are excluded from the Bug Bounty program.
- Submitter must not be the author of the buggy code nor otherwise involved in its contribution to the Mozilla project (such as by providing check-in reviews).
- Employees of the Mozilla Foundation and its subsidiaries are ineligible.
Mozilla reserves the right to not give a bounty payment if we believe the actions of the reporter have endangered the security of Mozilla's end users. If two or more people report the bug together the $3000 reward will be divided among them.
No comments:
Post a Comment
All comments will be moderate for content, please be patient as your comment will appear as soon as it has been reviewed.
Thank you
Geek-News.Net