Mozilla ups the ante, gives away $3,000 for Firefox bugs

Posted by Mike Luttrell

Attention all expert hackers: find a serious vulnerability in Firefox or Thunderbird and you could get $3,000! And a free t-shirt to boot.

Mozilla's Bug Bounty Program, which rewards users for submitting tips about security vulnerabilities in its software programs, will be getting a major upgrade on August 1.

Rewards will be granted to any user who submits a reproducible bug that permits "execution of arbitrary code on users' systems" or "access to users' confidential information" such as passwords or credit card numbers.

Those are the risks that Mozilla classifies as "high" or "critical." Anything less, including vulnerabilities that only expose information like browsing history, or a denial of service (DoS) attack, is not eligible for the top prize.

Additionally, the $3,000 bounty only applies to users who find a bug in the most current version of Mozilla's software programs, which include Internet browser Firefox, e-mail client Thunderbird, and the mobile version of Firefox.

The capital for the program is being initially provided by Mark Shuttleworth and Linspire, two big names in the open-source community.

The Bug Bounty Program has been in place since 2004 but until now has provided a relatively small reward to any user who finds a significant glitch.

Google runs a similar program, offering users up to $1337 (clever?) for discovering severe exploits. The idea is obviously that hackers would rather cash in on privately disclosing the vulnerability than exploit it themselves for a little Internet fame but no money.