Mozilla offers up $10K for bugs found in new certificate verification library

Share this article:

Mozilla is offering up $10,000 to users who find and report critical vulnerabilities in a new certificate verification library on pace to be included with Firefox 31, which is scheduled for release in July.

Bugs reported by the end of June 30 will qualify if discovered in code, or caused by code, in ‘security/pkix' or ‘security/certverifier,' as used by Firefox, according to a Thursday post, which adds that the bugs must be triggered through normal web browsing.

Mozilla is most interested in instances where certificate chains that should be rejected are instead accepted as valid, as well as flaws that lead to exploitable memory corruption, according to the post.

The new certificate verification library is currently being used in Firefox developer builds, known as “Nightly.”

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Information sharing requires breaking down barriers, White House cyber guru says

Information sharing requires breaking down barriers, White House ...

The White House has advanced an agenda to promote and facilitate information sharing on security threats and vulnerabilities.

Worm variant of Android ransomware, Koler, spreads via SMS

Worm variant of Android ransomware, Koler, spreads via ...

Upon infection, the Koler variant will send an SMS message to all contacts in the device's address book.

Patch for Windows flaw can be bypassed, prompts temporary fix from Microsoft

Patch for Windows flaw can be bypassed, prompts ...

The Windows zero-day received a patch last week, but the fix can still be bypassed by crafty attackers.