Mozilla is raising payouts for the highest-impact security flaws found in Firefox and related projects as part of a bug bounty revamp guided by its “more hardened security stance”.

In an effort to make the policy “more friendly”, the open source browser developer has also clarified its payout criteria and abandoned a “first reporter wins” approach in favor of sharing the bounty among duplicate reporters.

The non-profit said it would also continue publishing explainers aimed at newcomers to Firefox security testing, following its December 2019 post on how HTML sanitization prevents UXSS (universal cross-site scripting).

“After adding a new static analysis bounty late last year, we’re excited to further expand our bounty program in the coming year, as well as provide an on-ramp for more participants,” said Mozilla’s Tom Ritter in a post published yesterday (April 23).
Source: Daily Swig