12-year-old finds critical Firefox flaw, earns $3,000 bounty 
What's a life?

Joined: Thu Apr 23, 2009 7:56 pm
Posts: 12030
Quote:
12-year-old finds critical Firefox flaw, earns $3,000 bounty
By Ryan Naraine | October 22, 2010, 4:22pm PDT

The security researcher who found and reported this critical buffer overflow and memory corruption vulnerability in Mozilla’s Firefox browser is none other than Alex Miller, a 12-year-old boy who earned a $3,000 bounty for his discovery.

According to the San Jose Mercury News, Miller (right) was motivated to search for Firefox security holes after Mozilla increased its bug bounty from $500 to $3,000.

The seventh grader, described as a “Firefox loyalist,” had previously reported a Firefox vulnerability but that one did not qualify for the cash payout.

Alex returned to the computer and his exploration. By Alex’s estimation he spent about 90 minutes each day for about 10 days until he spotted it–a flaw in the memory of the running program.

The vulnerability, which can be exploited to crash a victim’s browser and potentially run arbitrary code on their computer, was patched this week in Firefox 3.6.11 and Firefox 3.5.14.

It also affects Mozilla’s Thunderbird 3.1.5, Thunderbird 3.0.9 and SeaMonkey 2.0.9.


http://www.zdnet.com/blog/security/12-year-old-finds-critical-firefox-flaw-earns-3000-bounty/

_________________
www.alexsmall.co.uk

Charlie Brooker wrote:
Windows works for me. But I'd never recommend it to anybody else, ever.


Mon Oct 25, 2010 8:14 pm
Legend

Joined: Fri Apr 24, 2009 2:02 am
Posts: 29240
Location: Guantanamo Bay (thanks bobbdobbs)
Very impressive. I do wish the kid well. I hope he finds more bugs, and earns more money from it.

_________________
Do concentrate, 007...

"You are gifted. Mine is bordering on seven seconds."

https://www.dropbox.com/referrals/NTg5MzczNTk

http://astore.amazon.co.uk/wwwx404couk-21


Mon Oct 25, 2010 9:32 pm
Doesn't have much of a life

Joined: Thu Apr 23, 2009 8:23 pm
Posts: 638
Location: 3959 miles from the centre of the Earth - give or take a bit
I wonder what the people who wrote Firefox are thinking now - after all, they're paid to find these problems, not the general public.

_________________
i7 860 @ 3.5GHz, GTX275, 4GB DDR3


Tue Oct 26, 2010 8:41 am
I haven't seen my friends in so long

Joined: Thu Apr 23, 2009 9:14 pm
Posts: 5664
Location: Scotland
Wonder how many times the kid bugged the Firefox company to pay up :cry:



Tue Oct 26, 2010 12:48 pm
Spends far too much time on here

Joined: Thu Apr 23, 2009 9:40 pm
Posts: 4876
Location: Newcastle
dogbert10 wrote:
I wonder what the people who wrote Firefox are thinking now - after all, they're paid to find these problems, not the general public.


Errr, no

Developer != tester

And the time to test for all of these problems is potentially limitless, especially considering how dependent it is on input from different sources.

_________________
Twitter
Charlie Brooker:
Macs are glorified Fisher-Price activity centres for adults; computers for scaredy cats too nervous to learn how proper computers work; computers for people who earnestly believe in feng shui.


Tue Oct 26, 2010 12:51 pm
Legend

Joined: Fri Apr 24, 2009 2:02 am
Posts: 29240
Location: Guantanamo Bay (thanks bobbdobbs)
The increased bounty makes a huge difference. If you have to spend several weeks in order to find one, the effective hourly rate is too low with $500. $3000 makes it much more worthwhile. Also, there is the issue of security competitions where they can get new kit for cracking them. That sets a floor price for such work. If you can do better in such a competition, why hand over something for which you can get so much more in a security competition?



Tue Oct 26, 2010 1:31 pm