x404.co.uk
http://www.x404.co.uk/forum/

12-year-old finds critical Firefox flaw, earns $3,000 bounty
http://www.x404.co.uk/forum/viewtopic.php?f=19&t=11155		 Page 1 of 1
Author:  ProfessorF [ Mon Oct 25, 2010 8:14 pm ]
Post subject:  12-year-old finds critical Firefox flaw, earns $3,000 bounty
Quote:
12-year-old finds critical Firefox flaw, earns $3,000 bounty
By Ryan Naraine | October 22, 2010, 4:22pm PDT

The security researcher who found and reported this critical buffer overflow and memory corruption vulnerability in Mozilla’s Firefox browser is none other than Alex Miller, a 12-year-old boy who earned a $3,000 bounty for his discovery.

According to the San Jose Mercury News, Miller (right) was motivated to search for Firefox security holes after Mozilla increased its bug bounty from $500 to $3,000.

The seventh grader, described as a “Firefox loyalist,” had previously reported a Firefox vulnerability but that one did not qualify for the cash payout.

Alex returned to the computer and his exploration. By Alex’s estimation he spent about 90 minutes each day for about 10 days until he spotted it–a flaw in the memory of the running program.

The vulnerability, which can be exploited to crash a victim’s browser and potentially run arbitrary code on their computer, was patched this week in Firefox 3.6.11 and Firefox 3.5.14.

It also affects Mozilla’s Thunderbird 3.1.5, Thunderbird 3.0.9 and SeaMonkey 2.0.9.


http://www.zdnet.com/blog/security/12-year-old-finds-critical-firefox-flaw-earns-3000-bounty/
Author:  Amnesia10 [ Mon Oct 25, 2010 9:32 pm ]
Post subject:  Re: 12-year-old finds critical Firefox flaw, earns $3,000 bounty
Very impressive. I do wish the kid well. I hope he finds more bugs, and earns more money from it.
Author:  dogbert10 [ Tue Oct 26, 2010 8:41 am ]
Post subject:  Re: 12-year-old finds critical Firefox flaw, earns $3,000 bounty
I wonder what the people who wrote Firefox are thinking now - after all, they're paid to find these problems, not the general public.
Author:  brataccas [ Tue Oct 26, 2010 12:48 pm ]
Post subject:  Re: 12-year-old finds critical Firefox flaw, earns $3,000 bounty
wonder how many times the kid bugged firefox company to pay up :cry:
Author:  finlay666 [ Tue Oct 26, 2010 12:51 pm ]
Post subject:  Re: 12-year-old finds critical Firefox flaw, earns $3,000 bounty
dogbert10 wrote:
I wonder what the people who wrote Firefox are thinking now - after all, they're paid to find these problems, not the general public.


Errr, no

Developer != tester

And the time to test for all of these problems is potentially limitless especially considering how dependent it is on input from different sources
Author:  Amnesia10 [ Tue Oct 26, 2010 1:31 pm ]
Post subject:  Re: 12-year-old finds critical Firefox flaw, earns $3,000 bounty
The increased bounty makes a huge difference. If you have to spend several weeks in order to find one the effective hourly rate is too low with $500. $3000 makes it much more worth while. Also there is the issue of security competitions where they can get new kit for cracking them. That sets a floor price for such work. If you can do better in such competition why hand over something for which you can get so much more in a security competition?
Page 1 of 1 All times are UTC
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/