Appears Mozilla will give you $500 if you can find a serious security flaw in its browser (firefox included) or its Thunderbird mail client. Seems to me like a pretty good idea, gives incentive for some people to just get paid rather than unleashing one of their latest virii.

"A string of high-profile flaws in browser software prompted the Mozilla Foundation to announce on Monday that it would offer $500 for every serious bug found by security researchers.

The announcement comes a week after the Mozilla Foundation, which directs development of the Mozilla and Firefox browsers and the Thunderbird e-mail client, confirmed that the group's browsers had two serious issues in dealing with digital certificates, the identity cards of the Internet. Last Friday, Microsoft fixed serious vulnerabilities in its Internet Explorer browser, some of which have been widely known since June.
"