eLearnSecurity Blog

Guess How Much Mozilla Increased the Payout in Their Bug Bounty Reward Program

Information security researchers, here’s something you might fancy. Mozilla has increased their five-year bug bounty reward program to as much as 10,000 USD (or more). To date, Mozilla has paid up to 1.6 Million USD in their Firefox Bug Bounty Program since 2010 and they are sweetening the deal by providing more monetary reward options when submitting your reports.

mozilla bug bounty

Mozilla Bug Bounty Reward Program

“We have dramatically increased the amount of money that a vulnerability is worth. On top of that, we took a look at how we decided how much we should pay out.” Mozilla engineer, Raymond Forbes, writes in a blogpost. “Rather than just one amount that can be awarded, we are moving to a variable payout based on the quality of the bug report, the severity of the bug, and how clearly the vulnerability can be exploited.”

Depending on the severity of the bug, you can earn a minimum of 500-2500 USD for Medium vulnerabilities to 7500 USD for a High quality bug report with clearly exploitable critical vulnerability. For those who are able to find Exceptional vulnerabilities or new form of exploits, you can reap the 10, 000 USD reward.

Type/Level of Bug Reward
Medium vulnerability 500 – 2500 USD
Minimum for a high or critical vulnerability 3000 USD
High quality bug report of a critical or high vulnerability 5000 USD
High quality bug report with clearly exploitable critical vulnerability 7500 USD
Novel vulnerability and exploit, new form of exploitation or an exceptional vulnerability 10000 USD (or more)

IT companies use bug bounty programs to attract IT Security enthusiasts in submitting vulnerabilities.

“Hiring bug bounty hunters attract more information security researchers to find vulnerabilities as internal testing may cost much more.” IT Security Researcher, Francesco Stillavato, says. “In turn, it also helps budding IT Security enthusiasts to enhance their skills in searching for those bugs.”

Learn more about the bug bounty program here: Mozilla Client Bug Bounty Program

Web Application Penetration Testing version 2

WAPT product boxWe’re launching the finest training course on web application security. Learn to pentest and find vulnerabilities in web apps with Web Application Penetration Testing version 2 – WAPTv2. Join us for the course launch on June 23! Register for FREE here – WAPTv2 Course Launch


francesco stillavatoFrancesco Stillavato is a Senior IT Security researcher and instructor at eLearnSecurity with 6 years of experience in different aspects of Information Security. His experience spans from web application secure coding to secure network design. He has contributed to the Joomla project as a Developer and has conducted a number of assessments as a freelance.

Twitter: https://twitter.com/litsnarf
LinkedIn: https://www.linkedin.com/in/stillavatofrancesco

Tags: , , ,


Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Go to top of page