Mozilla pays 12-year-old $3,000 for finding critical Firefox flaw

Emil

Posts: 152   +0
Staff

Mozilla pays a bounty to security researchers who disclose vulnerabilities they find in an appropriate manner. The latest security researcher to get paid is none other than Alex Miller, a 12-year-old boy. Miller found and reported a critical buffer overflow and memory corruption flaw in Mozilla's Firefox browser and earned $3,000 for his discovery, according to Mercury News. Miller says he was motivated to search for Firefox security holes after Mozilla increased its bug bounty from $500 to $3,000.

The seventh grader, who described himself as a Firefox loyalist, has reported a Firefox vulnerability in the past, but that one did not qualify for the cash payout. Annoyed at not getting rewarded the first time, Miller says he spent about 90 minutes each day for about 10 days until he spotted a flaw in the memory of the running program. In other words, he examined code for about 15 hours, and was paid $200 per hour for it.

The flaw can be exploited to crash a victim's browser and potentially run arbitrary code on their computer. It was patched this week in Firefox 3.6.11 and Firefox 3.5.14, but also affects Mozilla's Thunderbird 3.1.5, Thunderbird 3.0.9, and SeaMonkey 2.0.9. It looks like in the world of open source bug hunting, age is not a factor.

Permalink to story.

 
It must be so hard to find flaws in security browsers unless you know generally a lot about computer coding
 
i don't get it? how do these kids know so much at such a young age?
 
Kids these days are far more computer oriented than 10 years ago, and the wealth of open information and open source software has exploded in the last 5 years. It is not particularly any surprise considering how connected they are now, and congrats to the kid for his find.

Though, I do lament the drop in the concept/enjoyment of "going out to play" that seems to be occurring.
 
If I own Mozilla Firefox, I will give more.

What is $3,000 if you are making millions.
 
grvalderrama said:
wow, poor kid, that is not the way to carry a 12 year-old life.

Why not? He's spent hours becoming amazingly proficient in a very useful field all on his own, and applied himself. I'd say those are very admirable traits in a twelve year old.

Good job, kiddo!
 
You shouldn't call him a Bill Gates, based on the background on the photo :)
 
DokkRokken said:
grvalderrama said:
wow, poor kid, that is not the way to carry a 12 year-old life.

Why not? He's spent hours becoming amazingly proficient in a very useful field all on his own, and applied himself. I'd say those are very admirable traits in a twelve year old.

Good job, kiddo!

Exactly, I believe (and so does madboyv1, I pressume) he should spend more time doing what 12 year old boys should do. You may say "hey, he's just earned 3000 dollars! who cares what he should be doing!" and I wonder at what cost he earned that amount of money. Think about it, what were you doing when you were 12 year-old?
 
blimp01 said:
this kids gonna [sic] create his own OS and rule the market in a few years

Agreed! This brilliant young man will go far in life!

grvalderrama said:
wow, poor kid, that is not the way to carry a 12 year-old life.

That comment is like me saying, 'making parenting judgments online instead of chasing tail at a club is no way to lead a 22 year old's life.' It just doesn't wash.

Don't judge him. What he perceives as fun may be completely different that what you or I considered "fun" at 12 years old. If he's finding security flaws in Firefox at 12, he's obviously extremely gifted. That gift should be reinforced and nurtured. I would say "poor kid" if his parents were forcing him to become a computer geek instead of letting him play with his friends, but that doesn't seem to be the case according to the story.

You really have no idea what his life is like. For all we know, he's got more friends than you or I ever had. Geeks are the new jocks dude.
 
Obviously some of you here are conformists! Who cares if he doesnt do what "normal" 12 year olds do! I think it's a good thing that he's not "normal" it sets him apart and makes him special from the average Joe Blow... Hmmm lets see here what do "normal" 12 year old do? -throw balls and hit them with wooden sticks, or burn ants, or throw rocks at abandoned biuldings, or ride bikes off of sweet jumps, or play wii... This kid's examining browser code for vulnerability, that's &$;#! amazing!

As long as the kid is happy and healthy I say more power to him. I wish I had intelligence of that caliber!
 
I had a screw up today in firefox were it locked up and I had to restart it while I was mutli-tab browsing, too bad i'm not smart enough to figure out if it was a big problem (which it more than likely isn't).
 
Great job for someone his age, he will probably go far in life. Also, that's a great addition to his resume when he's old enough to have one. But yeah, like others have pointed out, if he spends most of his time on his computer, alone, his social skills might be non-existent when he turns, let's say, 18, might be difficult to find a prom date. He's lucky he's got them blue eyes, that's always a winner ;)
 
Back