Zerodium is an American information security company founded in 2015 and based in Washington, D.C. Its main business is acquiring premium zero-day vulnerabilities with functional exploits from security researchers and companies, and reporting the research, along with protective measures and security recommendations, to its corporate and government clients.
Zerodium said that it will give up to $1 million for completely functional, private zero-day exploits for Tor Browser on Linux and Windows. Specifically, the company said that it will give $250,000 for combined remote code execution and local privilege escalation flaws that work on both Tails and Windows to root/system, or $200,000 for combined bugs in Tails or Windows. It will also pay a bounty for RCE-only flaws, and for flaws that execute when JavaScript is enabled.
According to Zerodium:
“ZERODIUM, the premium zero-day acquisition platform, announces and hosts a Tor Browser Zero-Day Bounty. ZERODIUM will pay a total of one million U.S. dollars ($1,000,000) in rewards to acquire zero-day exploits for Tor Browser on Tails Linux and Windows. The bounty is open until November 30th, 2017 at 6:00pm EDT, and may be terminated prior to its expiration if the total payout to researchers reaches one million U.S. dollars ($1,000,000).”
Zerodium said that while the Tor network and Tor Browser are fantastic projects that enable legitimate users to enhance their privacy and security on the internet, they are, in many cases, used by evil people to conduct activities such as drug trafficking or child abuse. The company said it started this unique bounty for Tor Browser zero-days to help government fight crime and make the world a better and safer place for all.