12-year old awarded $3,000 for Firefox vulnerability

|


The Mozilla Foundation regularly rewards security specialists for supplying information on critical vulnerabilities in its Firefox browser. Now a 12-year old has been awarded $3,000 for discovering a security vulnerability in the open source web browser.

Alexander Miller, from the USA, discovered and reported a critical bug in a JavaScript function. He found that a buffer overflow would result when very long strings where submitted to document.write, one of the most frequently used JavaScript functions. This error condition could potentially be exploited to inject and execute code. The development team has fixed this and other bugs in Firefox versions 3.6.11 and 3.5.14 and in Thunderbird 3.1.5 and 3.0.9. Alex Miller is listed in the credits as a Security Researcher.

Miller has told US media that he was spurred on by an increase in the amount paid out for bugs, from $500 to $3,000. Having already discovered and reported one bug that did not meet the requirements for a reward he says he spent 90 minutes a day for 10 days searching for a bug worthy of financial recompense.

0 comments:

Post a Comment