Closed Bug 256195 (sbb?) Opened 17 years ago Closed 12 years ago
Security Bug Bounty: nominated
Meta bug to track security bug bounty nominations. Once decided they should be moved to either the Awarded or Rejected tracking bugs.
Initial bug bounty awards: Marcel Boesch, for bug 249004 Gaël Delalleau, two for bug 245066 and bug 255067 Mats Palmgren and Gaël Delalleau split one for bug 250900 (trunk) and bug 256316 (1.7/aviary branch) Georgi Guninski, two for bug 257314 and bug 258005
Bug 258173 is not a remote exploit, a bounty will not be awarded.
bug 259403 requires Java, does not qualify for bug bounty.
Michael Krax was awarded five bounties: firespoofing (bug 260560), firedragging (bug 279945), firetabbing (bug 280056), fireflashing (bug 280664) and firescrolling2 (bug 288164).
Catching up on Firefox 1.0.2 and 1.0.3 era Bounties awarded.
Tom Ferris awarded a bounty for bug 307259
heatsync asked me about https://bugzilla.mozilla.org/show_bug.cgi?id=315004
Depends on: 315004
Dan, if bug 340198 qualifies for a bounty, then so do bug 240261 and bug 308244 IMO. They're all duplicates of one another, unrecongized as such (until now) because they are all marked security sensitive.
This is the "nominated" list, doesn't mean we're awarding anything yet. But in fact 340198 isn't a pure duplicate, it combines the behavior described in those older spoofing bugs with the software update system to describe a different blended attack. Also bug 340198 could be solved in ways that don't require solving those other bugs, such as by shipping with the "one true cert" for update.
This bug isn't being used anymore
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → WORKSFORME
2 years ago
No longer depends on: 331334
You need to log in before you can comment on or make changes to this bug.