Mozilla on Thursday improves bug bounty expenses six-fold by raising standard cash award to $3,000

The new bounty for vulnerabilities in Firefox, Firefox Mobile plus Thunderbird is as well six times the regular payments by Google for faults in its Chrome browser, and additional than doubles maximum $1,337 that Google pays for the majority severe bugs.

Mozilla and Google are only browser creators that pay security researchers for reporting vulnerabilities in their creations. "Plenty has distorted in this six years as the Mozilla program was proclaimed, and we consider that one of best ways to maintain our users safe is to make it efficiently sustainable for security researchers to do correct thing when reveal information," said Lucas Adamski, director of security engineering. Mozilla kicked off its bounty program in August 2004.

Only bugs that Mozilla ranks "critical" or "high" its apex two ratings are entitled for payment. In Mozilla's ladder, dangerous vulnerabilities are those that permit remote code implementation; in other words, ones that when subjugated give attacker full control of machine. High vulnerabilities are those that depiction "high-value" individual information, for example usernames, passwords and credit card numbers. Denial-of-service faults are not entitled for a bounty, Mozilla said.