Mozilla Foundation's Bug Bounty Program pays researchers to find security problems. This week the company awarded $2500 (USD) to German bug hunter Michael Krax.

Krax identified five security privilege problems related to Mozilla's chrome architecture. Chrome provides the user interface (toolbars, menus, progress bars, title bars, etc.) for Mozilla-based solutions, including the hugely popular Firefox , the cross-platform Thunderbird mail client, and the new Sunbird calendar application.

The
Bug Bounty Program was launched in 2004 with seed money provided by Linspire and Mark Shuttleworth. The public is invited to donate money to the fund where all donations are tax deductable. Mozilla Foundation pays $500 (plus a Mozilla t-shirt) for each verifiable bug that is reported to them. Mozilla.

Since the bounty program began Mozilla Foundation has paid rewards to five researchers. Complete guidelines for the discovery, reporting, and award process are outlined at the
Bug Bounty Program Web site.