In association with heise online

15 December 2010, 17:04

Mozilla pays premiums for reports of vulnerabilities

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

The Mozilla Foundation has followed Google's example by expanding its rewards program for reports of vulnerabilities in its Web applications. The reward for reported holes ranges from $500 for vulnerabilities with a high degree of severity, up to $3,000 for highly critical vulnerabilities.

The web sites under examination include,,,,, and In particular, cross-site scripting and cross-site request forgery vulnerabilities and remote and local file inclusion are the focus of the program. There are no prizes for reporting DoS vulnerabilities. A FAQ explains the details of the program.

Google had recently launched a similar program, but found that after two weeks it was forced to clarify which holes qualified for a reward.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit