Mozilla has long had a policy of offering a monetary reward to developers who find new security vulnerabilities in the Firefox Web browser. In a recent change of policy, the organization has bumped the bounty from a modest $500 to $3,000. The offer has also been extended to Firefox Mobile and other new products.

The discovery of a previously unknown security vulnerability opens up a lot of opportunities for profit. Security researchers can get a ton of press exposure and publicity by publishing an exploit of an unpatched zero-day flaw. It is also increasingly common for security researchers to sit on undisclosed vulnerabilities for a long time so that they can whip them out for a quick and easy win during competitions that offer cash prizes.

一名來自加州聖路易斯的12歲男孩因為發現了Firefox瀏覽器"document.write"過程中產生的緩衝區溢出，獲得了來自Mozilla的3000美元支票。