Security Bug Bounty Program
The Mozilla Security Bug Bounty Program is designed to encourage security research in Mozilla software and to reward those who help us make the internet a safer place.
General Eligibility
To be eligible for a reward under this program:
Bounties can be donated to charity, please indicate this in the bug when filing or by contacting
Do not threaten or attempt to extort Mozilla. We will not award a bounty if you threaten to withhold the security issue from us or if you threaten to release the vulnerability or any exposed data to the public.
Safe Harbor
Mozilla strongly supports security research into our products and wants to encourage that research.
As a result, we will not threaten or bring any legal action against anyone who makes a good faith effort to comply with this Bug Bounty Program, or for any accidental or good faith violation of this policy. This includes any claim under the DMCA for circumventing technological measures to protect the services and applications eligible under this policy.
As long as you comply with this policy:
We understand that many Mozilla systems and services are interconnected with third-party systems and services. While we can authorize your research on Mozilla’s systems and services, and promise that Mozilla will not bring or threaten litigation against you for your efforts under this policy, we cannot authorize efforts on third-party products or guarantee they won’t pursue legal action against you. However, if a third party threatens or brings any legal action against you for your efforts under this policy, we are willing to make clear—to the Court, the public, or otherwise--that we authorized your efforts to test and research the security of Mozilla’s eligible systems and services.
If you’re not sure whether your conduct complies with this policy, please contact us first at and we will do our best to clarify.
Web and Client
Mozilla manages two different bug bounty programs. One focuses on Firefox and other Mozilla applications and the other covers our websites and services.
Follow @Mozilla

Follow @Firefox
Website Privacy Notice Cookies LegalCommunity Participation Guidelines
Visit Mozilla Corporation’s not-for-profit parent, the Mozilla Foundation.
Portions of this content are ©1998–2021 by individual contributors. Content available under a Creative Commons license.
Mozilla SecurityAdvisoriesKnown VulnerabilitiesMozilla Security BlogSecurity Bug BountyClient Bug BountyFrequently Asked QuestionsHall of FameWeb Bug BountyEligible WebsitesFrequently Asked QuestionsHall of Fame
Mozilla ManifestoPress CenterCorporate BlogCareersContactDonatePrivacy HubBrowser ComparisonBrand StandardsProduct HelpFile a BugDeveloper EditionBetaBeta for AndroidNightlyNightly for AndroidEnterpriseToolsTwitter (@mozilla)Instagram (@mozilla)Twitter (@firefox)Instagram (@firefox)YouTube (@firefoxchannel)