Mozilla Jazzes Up Its Firefox Bug Bounty Program With Better Rewards And Duplicate Submissions


Mozilla has good news for bug bounty hunters. The company has jazzed up its Firefox Bug Bounty Program with higher rewards, and it will now also accept duplicate submissions from researchers.

Big Rewards In Mozilla Firefox Bug Bounty Program

In a recent post, Mozilla announced changes to its Firefox Bug Bounty Program. The program, which dates back to 2004, has paid out thousands of dollars in bounties to researchers for reporting various bugs. Now Mozilla intends to make the program more lucrative.

As stated in the post, Mozilla will pay higher rewards for higher-impact flaws. It has included sandbox escapes and related vulnerabilities in the program with a baseline reward of $8000, awarding up to $10,000 for high-quality reports. Likewise, proxy bypass bugs will carry a baseline reward of $3000, reaching up to $5000 for high-quality reports.

Mozilla also notes that these bounty amounts are not fixed. Rather, a researcher may earn more for reports with better outcomes. As stated by Mozilla,

A bounty amount is not determined based on your initial submission, but rather on the outcome of the discussion with developers. So improving test cases post-submission, figuring out if an engineer’s speculation is founded or not, or other assistance that helps resolve the issue will increase your bounty payout.

Accepting Duplicate Submissions

Another interesting update to the bug bounty program is that duplicate bug reports are now eligible for rewards. If a researcher submits a bug report hours after another researcher reported the same vulnerability, Mozilla will acknowledge both and divide the bounty money between the two researchers. With this step, Mozilla intends to abandon its current ‘first reporter wins’ bounty policy. As stated,

From now on, we will split the bounty between all duplicates submitted within 72 hours of the first report; with prorated amounts for higher quality reports.

Researchers may also donate their bounty to charity if they wish.

Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]
