Security/BugBountyOnramp/
From MozillaWiki
< Security
Bug Bounty On-Ramp pages contain documentation intended to assist bug bounty hunters in testing Mozilla websites.
Website Documentation
These pages need work:
- Application Update Servers/Balrog
- Bugzilla aka bugzilla.mozilla.com (Do not create bugs or comment on existing bugs while testing)
- Crash Report aka crash-stats.mozilla.com
- Firefox Accounts (FxA)
- Hello aka hello.firefox.com
- input.mozilla.org
- Locations aka location.services.mozilla.com
- Marketplace aka marketplace.firefox.com
- Mercurial aka hg.mozilla.com
- Metrics
- Miscellaneous
- Moztrap aka moztrap.mozilla.org
- Phonebook aka phonebook.mozilla.org
- Product Delivery aka download.mozilla.org
- Mozilla Single Signon aka sso.mozilla.com
- SUMO aka support.mozilla.org
- TLS Observatory aka tls-observatory.services.mozilla.com
- teach.mozilla.org
- tiles.services.mozilla.com
- aka tracking.services.mozilla.com
- Mozilla.com and other public websites
Bug Bounty Advice
How do security researchers approach bug bounties?