Mozilla pays 12-year-old $3,000 for finding critical Firefox flaw

Mozilla pays a bounty to security researchers who disclose, in an appropriate manner, the vulnerabilities they find. The latest security researcher to get paid is none other than Alex Miller, a 12-year-old boy. Miller found and reported a critical buffer overflow and memory corruption flaw in Mozilla's Firefox browser and earned $3,000 for his discovery, according to Mercury News. Miller says he was motivated to search for Firefox security holes after Mozilla increased its bug bounty from $500 to $3,000.

The seventh grader, who described himself as a Firefox loyalist, has reported a Firefox vulnerability in the past, but that one did not qualify for the cash payout. Annoyed at not getting rewarded the first time, Miller says he spent about 90 minutes each day for about 10 days until he spotted a flaw in the memory of the running program. In other words, he examined code for about 15 hours, and was paid $200 per hour for it.

The flaw can be exploited to crash a victim's browser and potentially run arbitrary code on their computer. It was patched this week in Firefox 3.6.11 and Firefox 3.5.14, but also affects Mozilla's Thunderbird 3.1.5, Thunderbird 3.0.9, and SeaMonkey 2.0.9. It looks like in the world of open source bug hunting, age is not a factor.

