As part of a refresh of the company’s Security Bug Bounty Program, Mozilla has announced it is now offering a $3,000 cash reward to security researchers for information on security bugs found in its products. The move represents a huge increase over the $500 per bug payout that Mozilla has been offering since 2004, and now applies not only to Firefox and the Thunderbird email client, but also to their Firefox mobile browser and other services the products rely on -- even betas.
Mozilla believes one of the best ways to keep users safe is to make it economically sustainable for security researchers to do the right thing when disclosing information. That said, the organization warned it reserves the right to deny a bounty payment to a researcher if it deems the person has not acted in the best interests of users. A reward will still be paid if the researcher doesn't have time to work closely with Mozilla's security team to fix it, or even if he decides to go public with his discovery, although they strongly encourage researchers to disclose bugs privately.
As Computerworld notes
, the new bounty is now six times the normal payment by Google for flaws in its Chrome browser, and more than double the maximum $1,337 that the Internet giant pays for the most severe bugs.