Categories: Security

Web Bounty Update

It has been just over a month since we announced the expansion of our bounty program to include selected web applications.  We have received many bug reports and have awarded $40,000. We will make the resolved bugs public shortly as these issues are no longer a threat to the community and our users.

Since the announcement of the web bounty program, we have received many security bug reports for sites outside of the bounty. We want to reiterate the eligible sites and applications for the bounty.

  • addons.mozilla.org
  • aus*.mozilla.org
  • bugzilla.mozilla.org
  • download.mozilla.org
  • getpersonas.com
  • pfs.mozilla.org
  • services.addons.mozilla.org
  • versioncheck.addons.mozilla.org
  • www.mozilla.com/org
  • www.firefox.com
  • www.getfirefox.com
  • *.services.mozilla.com

We want to focus our attention on security issues that protect Firefox users.  We excluded other sites for various reasons, including: we plan on replacing them, or we have put these systems in a read only state to lessen their impact. Further details can be found on the Web Security Bounty FAQ, which should be reviewed before submitting a web bounty bug.

Thanks to all the bug submitters for their contributions; the program has been a great success.  Beyond the monetary rewards, we sent Mozilla T-shirts to an additional 23 people who submitted security bugs that did not qualify for the web bug bounty. We are in the process of triage for the next round of payments and more should be going out soon.

Chris Lyon
Director of Infrastructure Security

4 comments on “Web Bounty Update”

  1. Carl Stevens wrote on

    Bugs – Hell ya, I get 10-100 per day through your web browsing. I use AVG security and would love to give you the list of bugs i get.

  2. av software wrote on

    @ Carl Stevens: No offense. But maybe you should check AVG? Any type of antivirus software will conflict with other applications, no?

  3. steve wrote on

    my firefox keeps on refreshing itself every 60 seconds any ideas? email on sb1966@maltanet.net

  4. Likeyaneedtoknow wrote on

    @steve, did anyone install the add-on “Refreshevery” or something? that’s just what I think it might be.

    But, a bug I always get on your sites is a encrypted page that contains some unencrypted information, but I don’t know why?!