Mozilla representatives reported on the expansion of the vulnerability bounty program, which has been enriched with a new category. Now researchers will be paid not only for the bugs themselves, but also for techniques to bypass Firefox's defenses.
Mozilla engineers write that in the past, bypassing security mechanisms was generally regarded as a low to medium severity problem. Now, under the new Exploit mitigation bug bounty program, researchers will be able to receive a reward of up to $ 5,000 for such bugs.
You can earn up to $ 5,000 by discovering the possibility of bypassing privileged access protection. But if a specialist discovers a problem that allows you to bypass protection without having high privileges (as a rule, in such cases we are talking about a whole chain of vulnerabilities), he will be able to claim a reward for the vulnerability itself and a fifty percent bonus for bypassing protection.
Mozilla also continues to encourage researchers to test Firefox Nightly, but vulnerabilities found in this build will only be rewarded if they are not noticed by Mozilla developers themselves within four days of posting the code in which the bug crept into the repository.