Security/BugBountyOnramp/

Bug Bounty On-Ramp pages contain documentation intended to assist bug bounty hunters in testing Mozilla websites.

Website Documentation

• addons.mozilla.org aka Addons aka AMO

These pages need work:

• Application Update Servers/Balrog
  
• Bugzilla aka bugzilla.mozilla.com (Do not create bugs or comment on existing bugs while testing)
  
• Crash Report aka crash-stats.mozilla.com
  
• Firefox Accounts (FxA)
  
• Hello aka hello.firefox.com
  
• input.mozilla.org
  
• Locations aka location.services.mozilla.com
  
• Marketplace aka marketplace.firefox.com
  
• Mercurial aka hg.mozilla.com
  
• Metrics
  
• Miscellaneous
  
• Moztrap aka moztrap.mozilla.org
  
• Phonebook aka phonebook.mozilla.org
  
• Product Delivery aka download.mozilla.org
  
• Mozilla Single Signon aka sso.mozilla.com
  
• SUMO aka support.mozilla.org
  
• TLS Observatory aka tls-observatory.services.mozilla.com
  
• teach.mozilla.org
  
• tiles.services.mozilla.com
  
• aka tracking.services.mozilla.com
  
• Mozilla.com and other public websites
  

Bug Bounty Advice

How do security researchers approach bug bounties?

Template page - copy, please do not overwrite