Home Hacking News Mozilla Jazzes Up Its Firefox Bug Bounty Program With Better Rewards And Duplicate Submissions
Hacking NewsLatest Cyber Security News | Network Security HackingNews

Mozilla Jazzes Up Its Firefox Bug Bounty Program With Better Rewards And Duplicate Submissions

by Abeerah Hashim
written by Abeerah Hashim
Mozilla patched BigSig NSS bug

Mozilla now comes with some good news for bug bounty hunters. As revealed, Mozilla has jazzed up their Firefox Bug Bounty Program with higher rewards. They will accept duplicate submissions from the researchers.

Big Rewards In Mozilla Firefox Bug Bounty Program

In a recent post, Mozilla announced changes to their Firefox Bug Bounty Program. The program that dates back to 2004 has rewarded thousands of dollars as bounties to researchers for reporting various bugs. Yet, now, they tend to make the bug bounty program more lucrative.

So now, as stated in their post, they will pay more rewards for higher impact flaws. They have included sandbox escapes and related vulnerabilities in the program with a baseline reward of $8000, awarding up to $10,000 for high-quality reports. Likewise, the proxy bypass bugs will bear a baseline reward of $3000, reaching up to $5000 for high-quality reports.

They also announce that the said bounty rewards aren’t specific. Rather a researcher may earn more for reports with better outcomes. As stated by Mozilla,

A bounty amount is not determined based on your initial submission, but rather on the outcome of the discussion with developers. So improving test cases post-submission, figuring out if an engineer’s speculation is founded or not, or other assistance that helps resolve the issue will increase your bounty payout.

Accepting Duplicate Submissions

Another interesting update in their bug bounty program is the acknowledgment to duplicate bugs for rewards. If a researcher submits a bug report hours after another researcher reported the same vulnerability, Mozilla will acknowledge both. Accordingly, Mozilla will divide the bounty money among both researchers. With this step, Mozilla tends to abandon their current ‘first reporter wins’ policy for bounty. As stated,

From now on, we will split the bounty between all duplicates submitted within 72 hours of the first report; with prorated amounts for higher quality reports.

Whereas, the researchers may also donate their bounty to charity if they wish.

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

You may also like

Xiid SealedTunnel: Unfazed by Yet Another Critical Firewall...

Personal Data Exposed in Massive Global Hack: Understanding...

Guardz Welcomes SentinelOne as Strategic Partner and Investor...

Invision Community Vulnerabilities Risk E-Commerce Websites

Microsoft April Patch Tuesday Fixes Dozens of RCE...

Match Systems publishes report on the consequences of...

Cypago Announces New Automation Support for AI Security...

LayerSlider WordPress Plugin Vulnerability Affected Thousands Of Websites

OWASP Disclosed Data Breach Affecting Old Members

Center Identity Launches Patented Passwordless Authentication for Businesses