In honor of the fifteenth anniversary of the Firefox browser, Mozilla announced that it is expanding its vulnerability reward program to include a number of new sites and services. In addition, rewards for some types of bugs have been tripled.
The list of main sites and services included in the bug bounty program has been expanded with Firefox Monitor, Localization, Payment Subscription, Firefox Private Network, Ship It and Speak To Me. In addition, over the past six months, the list of critical sites has been expanded to include Autograph, Lando, Phabricator and Taskcluster.
However, as mentioned above, the changes were not limited to expanding the program: payments under the Web and Services Bug Bounty program, which covers all critical, main and other Mozilla sites, have doubled. Payments for remote code execution on critical sites, in turn, were tripled, up to $15,000.
It should be noted that, despite this "raising of the stakes", Mozilla's bug bounty still looks rather modest when compared with competitors. For example, detecting a critical bug in the new Chromium-based Microsoft Edge can earn up to $30,000.