Categories: Bug Bounty

Firefox CodeQL Databases Available for Download

In November of 2019 we added static analysis bounties for CodeQL queries and Clang plugins. GitHub has a great CodeQL portal with detailed instructions for creating a database that will work efficiently with Firefox.

Generating that database can be a time-consuming task, because building historical versions of Firefox is cumbersome due to toolchain changes over time. On the flip side, building historical CodeQL databases of Firefox can be rewarding, because we will pay a bounty for CodeQL queries that match previously fixed security issues.

Given all this, we are making CodeQL databases available for download for Firefox versions 68 through the present. You can find them on S3 at https://bug-bounty-codeql-databases.s3.us-east-2.amazonaws.com/index.html. If you have any issues with the databases or find some missing, please email security@mozilla.org.