To celebrate the 1.0 Firefox 15 anniversary of the release , Mozilla made significant changes to its Web bug bounty program.
Speaking of the current Web browsers, especially in the developer crowd, Firefox is a must mention exists. Firefox constantly concerned about security, released last month, Firefox 70 once again enhanced tracking protection. Now on security issues, Mozilla decided to significantly increase its vulnerability reward amount.
Mozilla in a blog specific changes introduced in the bounty program:
Bounty increase
According to " Web Services and Bug Bounty Program " (Web services and bug bounty program) page, will focus on key sites, all Web sites and other core expenses Mozilla site doubled . In addition, to remote code execution bug on key sites expenditure tripled , reaching $ 15,000.
Add a new key sites
In the past six months will be extended Web Bug bounty program to the following site:
- Autograph - Mozilla product for signing cryptographic signature services.
- Lando - Mozilla's new automatic code landing (code-landing) service, you can easily submit Phabricator revisions to its target repository.
- Phabricator - code management tool for viewing Firefox code changes.
- Taskcluster - Mozilla's support continuous integration and release process (core upgraded from critical) task execution framework.
关键站点具体信息查看:
https://www.mozilla.org/en-US/security/bug-bounty/web-eligible-sites/#critical-sites
添加新的核心站点
扩展了以下任务核心站点:
- Firefox Monitor – 可以在其中注册电子邮件地址的网站,以便在帐户详细信息发生数据泄露的情况下通知用户。
- Localization – 服务提供者可以用来帮助本地化 Mozilla 产品。
- Payment Subscription – 付款前的界面服务。
- Firefox Private Network – 可以从中下载桌面扩展程序的站点,该扩展可以在使用 Firefox 的任何地方确保安全并保护连接。
- Ship It – 该系统接受来自人的发布请求,将其转换为基于 Buildbot 的发布自动化可以处理的信息并发出请求。
- Speak To Me – Mozilla 的语音识别 API。
核心站点具体信息查看:
https://www.mozilla.org/en-US/security/bug-bounty/web-eligible-sites/#core-sites
Mozilla 介绍当前这些变化已经开始应用于最近报告的 Web bug 中,详情查看发布公告:
https://blog.mozilla.org/security/2019/11/19/updates-to-the-mozilla-web-security-bounty-program