Mozilla has a big surprise in store for all its customers! Six years after launching its security bounty program, the company has decided to update it in order to encourage security research. The bounty that the Californian company will be offering is $3000 per security bug, starting July 1st 2010 (note that only some bugs can bring you a reward). It is Mozilla's belief that the best way to ensure security for its users is to give out prizes that encourage security researchers to disclose information.
The software eligible for the reward is Firefox, Thunderbird, Firefox Mobile, and any Mozilla service (including beta versions) which needs security for operation. Note that Mozilla Suite is no longer eligible, as it is neither an officially released nor a supported Mozilla program. Mozilla states that it has already rewarded those people who helped improve security, but from now on, things will be clearer.
Mozilla also added that it reserves the right to exclude bugs from the bounty payment if the finder is considered to have acted against the best interests of the users. To be more explicit, they won’t change their position regarding bounties for publicly disclosed bugs. The money that Mozilla gives out doesn’t depend on confidential disclosure. Indeed, Mozilla encourages researchers to report bugs to them privately (as most security researchers have), but they also think that reporters should control the manner in which the details of their findings are disclosed.
For more details, visit the official page of the bug bounty.