Mozilla offers up $10K for bugs found in new certificate verification library

Share this article:

Mozilla is offering up $10,000 to users who find and report critical vulnerabilities in a new certificate verification library on pace to be included with Firefox 31, which is scheduled for release in July.

Bugs reported by the end of June 30 will qualify if discovered in code, or caused by code, in ‘security/pkix' or ‘security/certverifier,' as used by Firefox, according to a Thursday post, which adds that the bugs must be triggered through normal web browsing.

Mozilla is most interested in instances where certificate chains that should be rejected are instead accepted as valid, as well as flaws that lead to exploitable memory corruption, according to the post.

The new certificate verification library is currently being used in Firefox developer builds, known as “Nightly.”

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

Reported breaches involving zero-day bug at JPMorgan Chase, other banks

Reported breaches involving zero-day bug at JPMorgan Chase, ...

Hackers exploited a zero-day vulnerability and gained access to sensitive information from JPMorgan Chase and at least four other financial institutions, reports indicate.

Data on 97K Bugzilla users posted online for about three months

During a migration of the testing server for test builds of Bugzilla software, data on about 97,000 Bugzilla users was inadvertently posted publicly online.

Chinese national had access to data on 5M Arizona drivers, possible breach ...

Although Lizhong Fan left the U.S. in 2007, the agencies responsible for giving him access to Americans' personal information have yet to disclose the details of the case to the public.