Mozilla is bumping up its bug bounty payouts and has added new websites and services – including the recently deployed Firefox Monitor – to its bug bounty program in hopes of attracting more researchers to sniff out vulnerabilities.

The browser-maker is doubling bug bounty payouts for most of its in-scope sites and services, as well as tripling payouts for the highest bug classification in its program, remote code execution vulnerabilities. Researchers can now bring in $15,000 for RCE flaws on “critical websites” (sites and services considered critical to Mozilla operations, which pay out at the highest bounty rate) and $5,000 for “core websites” (which pay out bounties, but at a reduced rate).

“Mozilla was one of the first companies to establish a bug bounty program and we continually adjust it so that it stays as relevant now as it always has been,” said Simon Bennetts with Mozilla in a Tuesday announcement. “To celebrate the 15 years of the 1.0 release of Firefox, we are making significant enhancements to the web bug bounty program.”

In addition, Mozilla announced that over the past six months, it has added new in-scope “critical websites” and services for its program. This includes:

Autograph – a cryptographic signature service that signs Mozilla products.

Lando – Mozilla’s automatic code-landing service, which allows users to commit Phabricator revisions to their destination repository.

Phabricator – a code management tool used for reviewing Firefox code changes….
