Mozilla offers up $10K for bugs found in new certificate verification library

Share this article:

Mozilla is offering up $10,000 to users who find and report critical vulnerabilities in a new certificate verification library on pace to be included with Firefox 31, which is scheduled for release in July.

Bugs reported by the end of June 30 will qualify if discovered in code, or caused by code, in ‘security/pkix' or ‘security/certverifier,' as used by Firefox, according to a Thursday post, which adds that the bugs must be triggered through normal web browsing.

Mozilla is most interested in instances where certificate chains that should be rejected are instead accepted as valid, as well as flaws that lead to exploitable memory corruption, according to the post.

The new certificate verification library is currently being used in Firefox developer builds, known as “Nightly.”

Share this article:

Sign up to our newsletters

More in News

Facebook scam leads victims to Nuclear exploit kit

Researchers at Symantec say attackers are becoming more aggressive and using Facebook scams to exploit users' computers.

eBay faces class-action suit over breach

eBay faces class-action suit over breach

A suit filed in a federal court in Louisiana charges the company with failing to protect personal information and seeks damages on multiple counts.

Five schools earn NSA's excellence in cyber ops distinction

The schools earned NSA's Centers for Academic Excellence designation for their cyber offerings.