Mozilla has announced major changes to its bug bounty program, which was first launched in 2004.
The organization paid out $965,750 for roughly 350 vulnerabilities; the average payout per issue was approximately $2,700.
Mozilla has now increased the maximum payout to $10,000, which will be paid for the highest-severity vulnerabilities, such as sandbox escapes, code execution flaws, and techniques for bypassing WebExtension install prompts.
Researchers could earn between $3,000 and $5,000 for reporting high-impact flaws such as memory corruption, same-origin bypasses that result in user data leakage, and ways of obtaining a user’s IP address if a proxy is configured.