Mozilla offers up $10K for bugs found in new certificate verification library

Share this article:

Mozilla is offering up $10,000 to users who find and report critical vulnerabilities in a new certificate verification library on pace to be included with Firefox 31, which is scheduled for release in July.

Bugs reported by the end of June 30 will qualify if discovered in code, or caused by code, in ‘security/pkix' or ‘security/certverifier,' as used by Firefox, according to a Thursday post, which adds that the bugs must be triggered through normal web browsing.

Mozilla is most interested in instances where certificate chains that should be rejected are instead accepted as valid, as well as flaws that lead to exploitable memory corruption, according to the post.

The new certificate verification library is currently being used in Firefox developer builds, known as “Nightly.”

Share this article:

Sign up to our newsletters

More in News

Leahy bill would end bulk data collection, introduce reforms

Leahy bill would end bulk data collection, introduce ...

Sen. Patrick Leahy introduced an NSA reform bill that would update the USA Freedom Act.

House passes two cyber security bills

One bill aims to improve agencies' website security, while another works to thwart critical infrastructure attacks.

A five-month-long Tor attack attempting to 'deanonymize' users

For roughly five months beginning in January, traffic confirmation attacks were used to attempt to "deanonymize" Tor users.