Mozilla has increased the rewards for reporting bugs in Firefox. Besides raising the payouts for vulnerabilities found in Firefox, it has also expanded the bug bounty program.
Mozilla was one of the first to offer a reward program for researchers who find bugs in Firefox and report them to Mozilla.
When Mozilla started the program in 2004, researchers received up to $500 for their submissions. That amount has increased over the years. From 2017 to 2019, Mozilla paid almost $966,000 for 348 reported vulnerabilities. On average, the reward was just under $2,800 per bug.
Mozilla notes that the most frequently paid reward was $4,000.
Reports of serious vulnerabilities earned, on average, between $3,000 and $5,000.
Mozilla has now increased those amounts, with a base level of $8,000. When the bug is well documented, as much as $10,000 can be paid out.
In addition, the browser developer is dropping the “first come, first served” principle.
In the past, when several researchers reported the same vulnerability, only the person who reported the bug first received a reward.
Now, the reward will be distributed among all those who submitted the vulnerability within 72 hours of the first report.
Mozilla will also share more information on how to test Firefox. This should encourage more people to take part in the bug search, which in turn should improve the security of the browser.