Mozilla Increases Bounty Payouts to the Mozilla Web Security Bounty Program

Mozilla has made significant changes to its Mozilla Web Security Bounty Program. Currently talking about web browsers, especially in the developer community, Firefox has to mention its existence. Firefox keeps mentioning security, and Firefox 70, released last month, has once again enhanced tracking protection. Now on security issues, Mozilla decided to significantly increase bounty payouts to its vulnerabilities.

According to the Web and Services Bug Bounty Program page, double the total web spend for critical sites, core sites, and other Mozilla sites. In addition, the cost of executing bugs for remote code on critical sites doubled to $15,000.

The details about the Mozilla web security bounty program is the below

Adding New Critical Sites to the Program

• Autograph – a cryptographic signature service that signs Mozilla products.
• Lando – Mozilla’s new automatic code-landing service which allows us to easily commit Phabricator revisions to their destination repository.
• Phabricator – a code management tool used for reviewing Firefox code changes.
• Taskcluster  the task execution framework that supports Mozilla’s continuous integration and release processes (promoted from core to critical).

Adding New Core Sites to the Program

• Firefox Monitor – a site where you can register your email address so that you can be informed if your account details are part of a data breach.
• Localization – a service contributors can use to help localize Mozilla products.
• Payment Subscription – a service that is used as the interface in front of the payment provide (Stripe).
• Firefox Private Network – a site from which you can download a desktop extension that helps secure and protect your connection everywhere you use Firefox.
• Ship It – a system that accepts requests for releases from humans and translates them into information and requests that our Buildbot-based release automation can process.
• Speak To Me – Mozilla’s Speech Recognition API.