When we said that we found and fixed hundreds of bugs in Firefox using AI, people were skeptical and said: Where are the bugs?
-
-
-
When we said that we found and fixed hundreds of bugs in Firefox using AI, people were skeptical and said: Where are the bugs?
Well, here they are. We are unhiding 12 security bugs that are representative of the issues we have found.
https://hacks.mozilla.org/2026/05/behind-the-scenes-hardening-firefox/.
@freddy Thanks for sharing and making those reports public early. Great insight into what's happening with browser VRPs.
Is Mozilla planning changes to the Firefox VRP in response to this, similar to recent changes to the Chrome VRP?
(Or have changes already been made? I'm not closely following the Firefox VRP, unfortunately.)
-
@freddy Thanks for sharing and making those reports public early. Great insight into what's happening with browser VRPs.
Is Mozilla planning changes to the Firefox VRP in response to this, similar to recent changes to the Chrome VRP?
(Or have changes already been made? I'm not closely following the Firefox VRP, unfortunately.)
-
@freddy Ah, forgot about those changes. (It's been a _very long_ 2 months.)
Reward amounts seem unchanged and Firefox still pays for reasonable moderate impact vulns, which is appreciated.
Hope reward amounts aren't lowered given the new landscape, especially since FF rewards were much lower than other browser VRPs (now about the same).
-
@freddy Ah, forgot about those changes. (It's been a _very long_ 2 months.)
Reward amounts seem unchanged and Firefox still pays for reasonable moderate impact vulns, which is appreciated.
Hope reward amounts aren't lowered given the new landscape, especially since FF rewards were much lower than other browser VRPs (now about the same).
@AlesandroOrtiz yeah, we will see how things go. Due to *gestures wildly* recent events, we also had a bit less submissions, soβ¦
β
οΈ -
@AlesandroOrtiz yeah, we will see how things go. Due to *gestures wildly* recent events, we also had a bit less submissions, soβ¦
βοΈ@freddy Less? That's very surprising.
Thought it would continue increasing despite *gestures wildly* everything.
-
@freddy Less? That's very surprising.
Thought it would continue increasing despite *gestures wildly* everything.
@AlesandroOrtiz @freddy I would expect to see a really big surge initially and then tail off unless there's some big step forward in tooling, be it LLM/ML related or other...then tail off again after each initial burst.
-
@AlesandroOrtiz @freddy I would expect to see a really big surge initially and then tail off unless there's some big step forward in tooling, be it LLM/ML related or other...then tail off again after each initial burst.
@skryking @AlesandroOrtiz less valid from bug bounty, given we found them first?
might change over time of course -
When we said that we found and fixed hundreds of bugs in Firefox using AI, people were skeptical and said: Where are the bugs?
Well, here they are. We are unhiding 12 security bugs that are representative of the issues we have found.
https://hacks.mozilla.org/2026/05/behind-the-scenes-hardening-firefox/.
-
R relay@relay.mycrowd.ca shared this topic
