Mozilla pays 12-year-old $3,000 for finding critical Firefox flaw

By on October 23, 2010, 1:55 PM
Mozilla pays a bounty to security researchers who disclose vulnerabilities they find in an appropriate manner. The latest security researcher to get paid is none other than Alex Miller, a 12-year-old boy. Miller found and reported a critical buffer overflow and memory corruption flaw in Mozilla's Firefox browser and earned $3,000 for his discovery, according to Mercury News. Miller says he was motivated to search for Firefox security holes after Mozilla increased its bug bounty from $500 to $3,000.

The seventh grader, who described himself as a Firefox loyalist, has reported a Firefox vulnerability in the past, but that one did not qualify for the cash payout. Annoyed at not getting rewarded the first time, Miller says he spent about 90 minutes each day for about 10 days until he spotted a flaw in the memory of the running program. In other words, he examined code for about 15 hours, and was paid $200 per hour for it.

The flaw can be exploited to crash a victim's browser and potentially run arbitrary code on their computer. It was patched this week in Firefox 3.6.11 and Firefox 3.5.14, but also affects Mozilla's Thunderbird 3.1.5, Thunderbird 3.0.9, and SeaMonkey 2.0.9. It looks like in the world of open source bug hunting, age is not a factor.





User Comments: 47

Got something to say? Post a comment
bakape said:

HAHAHAHA! I've been laughing ever since I read the title Great job kiddo!

bugejakurt said:

Nice man you got a career on your path.

Guest said:

He looks like a young Bill Gates.

Alster37 Alster37 said:

It must be so hard to find flaws in security browsers unless you know generally a lot about computer coding

blimp01 said:

this kids gona create his own OS and rule the market in a few years

grvalderrama said:

wow, poor kid, that is not the way to carry a 12 year-old life.

Guest said:

i don't get it? how do these kids know so much at such a young age?

madboyv1, TechSpot Paladin, said:

Kids these days are far more computer oriented than 10 years ago, and the wealth of open information and open source software has exploded in the last 5 years. It is not particularly any surprise considering how connected they are now, and congrats to the kid for his find.

Though, I do lament the drop in the concept/enjoyment of "going out to play" that seems to be occurring.

grvalderrama said:

madboyv1 said:

Though, I do lament the drop in the concept/enjoyment of "going out to play" that seems to be occurring.

Agreed.

Guest said:

If I own Mozilla Firefox, I will give more.

What is $3,000 if you are making millions.

DokkRokken said:

grvalderrama said:

wow, poor kid, that is not the way to carry a 12 year-old life.

Why not? He's spent hours becoming amazingly proficient in a very useful field all on his own, and applied himself. I'd say those are very admirable traits in a twelve year old.

Good job, kiddo!

Guest said:

You shouldn't call him a Bill Gates, based on the background on the photo :)

Guest said:

You are right. Please accept my apology

kakarot27 said:

200 dollars an hour.......NICE good job

grvalderrama said:

DokkRokken said:

grvalderrama said:

wow, poor kid, that is not the way to carry a 12 year-old life.

Why not? He's spent hours becoming amazingly proficient in a very useful field all on his own, and applied himself. I'd say those are very admirable traits in a twelve year old.

Good job, kiddo!

Exactly, I believe (and so does madboyv1, I pressume) he should spend more time doing what 12 year old boys should do. You may say "hey, he's just earned 3000 dollars! who cares what he should be doing!" and I wonder at what cost he earned that amount of money. Think about it, what were you doing when you were 12 year-old?

Wendig0 Wendig0, TechSpot Paladin, said:

blimp01 said:

this kids gonna [sic] create his own OS and rule the market in a few years

Agreed! This brilliant young man will go far in life!

grvalderrama said:

wow, poor kid, that is not the way to carry a 12 year-old life.

That comment is like me saying, 'making parenting judgments online instead of chasing tail at a club is no way to lead a 22 year old's life.' It just doesn't wash.

Don't judge him. What he perceives as fun may be completely different that what you or I considered "fun" at 12 years old. If he's finding security flaws in Firefox at 12, he's obviously extremely gifted. That gift should be reinforced and nurtured. I would say "poor kid" if his parents were forcing him to become a computer geek instead of letting him play with his friends, but that doesn't seem to be the case according to the story.

You really have no idea what his life is like. For all we know, he's got more friends than you or I ever had. Geeks are the new jocks dude.

tweakboy tweakboy said:

This guy is a genius He looks like Bill Gates son.

customcarvin customcarvin said:

Obviously some of you here are conformists! Who cares if he doesnt do what "normal" 12 year olds do! I think it's a good thing that he's not "normal" it sets him apart and makes him special from the average Joe Blow... Hmmm lets see here what do "normal" 12 year old do? -throw balls and hit them with wooden sticks, or burn ants, or throw rocks at abandoned biuldings, or ride bikes off of sweet jumps, or play wii... This kid's examining browser code for vulnerability, that's &$;#! amazing!

As long as the kid is happy and healthy I say more power to him. I wish I had intelligence of that caliber!

grimm808 said:

I had a screw up today in firefox were it locked up and I had to restart it while I was mutli-tab browsing, too bad i'm not smart enough to figure out if it was a big problem (which it more than likely isn't).

freythman freythman said:

Good job, kid. Now go outside and play before your childhood is gone.

ElShotte ElShotte said:

Great job for someone his age, he will probably go far in life. Also, that's a great addition to his resume when he's old enough to have one. But yeah, like others have pointed out, if he spends most of his time on his computer, alone, his social skills might be non-existent when he turns, let's say, 18, might be difficult to find a prom date. He's lucky he's got them blue eyes, that's always a winner

jizzyburnizzy said:

crazy smart kid, where was he when Vista was released?

63Jax said:

lucky son of a *****

Guest said:

Uh... define "normal 12 year old". Not everyone should or does fit into your preconceived notion of what a normal 12 year old does or is.

Nobody is the same. People can be similar, but likely never the same.

His chosen and other young people should have their chosen trade nurtured so that we might compete with the world in science, math, and possibly innovation again.

frenzoff said:

gratz to the kid, personally im impressed that a 12 year old kid noticed a flaw that most programmers missed

as for increasing the reward to $3000, it certainly is a big incentive but i can imagine people examing every line of code mozilla has now just for an easy chance at some money

polowise1 said:

Thanks Alex! I use FF. I think you should get more than that ( future job / help with school, college $) because if it had spread, crashed users browsers and potentially run arbitrary code on their computer, it would have cost more to fix, then again being great full is a good thing too and you definitely have a bright future ahead of you man, keep up the good work dude.

alinsaviuc said:

I don't think is luck.

JMMD JMMD, TechSpot Chancellor, said:

Good for him. I wasn't doing anything nearly as productive at his age.

Zecias said:

Frenzoff said:

gratz to the kid, personally im impressed that a 12 year old kid noticed a flaw that most programmers missed

as for increasing the reward to $3000, it certainly is a big incentive but i can imagine people examing every line of code mozilla has now just for an easy chance at some money

its not really ez money, if you've ever done any programming, its really hard to find errors in code, especially if u didn't write it.

rizalp said:

zecias said:

Frenzoff said:

gratz to the kid, personally im impressed that a 12 year old kid noticed a flaw that most programmers missed

as for increasing the reward to $3000, it certainly is a big incentive but i can imagine people examing every line of code mozilla has now just for an easy chance at some money

its not really ez money, if you've ever done any programming, its really hard to find errors in code, especially if u didn't write it.

I have done a few programming. And i often spend hours to find a bug, in my own written code. This kid really amazed me. I guess there is still many things we need to learn in the programming world

Renegeek said:

Good for him, i bet some day, if he keeps going he could be the next Bill Gates, or a Facebook, or Google, or Myspace, CEO... Billionare... Congrats man...

Guest said:

He looks like malcolm in malcolm in the middle!

AmanEatingChair said:

That is an amazing story. Who says you need a degree to be a Computer Engineer? lol

I would have been frustrated after a half hour of not finding anything. Well done, sir.

TechDisciple said:

Amazing! Makes me want to go bug hunting.

crazyboy88 said:

Mozilla should have given the kid a bigger prize... I mean $3,000 for a security flaw. I'm sure the money they saved from finding the security flaw is worth more than a measly $3k.

highlander84 said:

When I was 12 and now are 2 completely different things. I might understand if he was a blob of a kid sitting in front of his computer all day banging away at WOW or something. (everyone has see the youtube video of the fat kid getting his WoW taken away) From the looks of it tho, he is doing something more that most 12 Year-olds. Lets see go out and play... What is that for a 12year old now? going to the mall, being an annoyance to everyone? Spray painting walls. Doing drugs? Good Job Kid you got my 2 thumbs up.

uttaradhaka said:

This is an awesome testament to the power of the internet and the open source community that a seventh grader is already contributing to the world. We do indeed live in an amazing world.

Micael said:

Amazing individual, i wonder where he learned all of this.

Benny26 Benny26, TechSpot Paladin, said:

Too bad he can't spend it till he's 18..(because his mummy says so) lol

Brodieeee said:

blimp01 said:

this kids gona create his own OS and rule the market in a few years

Google will most likely get to him first!!

Guest said:

so im not the only one who thought he would be perfect for playing a young bill gates if there is ever gonna be a movie on him.

frodough said:

for one thing this kid has the brain and dedication, and he looked like bill gates' long lost child. i think that hair cut is what won me over.

oasis789 said:

that kid will go far. hope he stays 'white hat'.

jamrockj2324 said:

I wish my brain was as enhanced as his at the age of 12, shoot I'm still learning about this world of technology! - Keep up the good work kid.

Guest said:

I found and posted a couple - never got anything. Mozilla doesn't care about bugs or security - they care about bells and whistles. That's where they spend all their time.

princeton princeton said:

He's definitely going places.

Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.