Hack The Tor Browser For 0-Days And Get $1 Million Bug Bounty From Zerodium
In their announcement post, Zerodiam notes that exploiting vulnerabilities in modern web browsers is becoming harder by the tick of the clock.
The task for the $1 million bug bounty is to “develop a fully functional zero-day exploit for Tor Browser with JavaScript BLOCKED!”.
Tor browser exploits submissions with Javascript enabled will be accepted but lesser payout would be given. However, exploits causing “disruption of legitimate use of the Tor network are NOT accepted,” Zerodium says.
Tor browser is widely known to hide users’ identity and protect their privacy by connecting them to the Tor network. It’s based on a Mozilla Firefox ESR release which includes various add-ons developed by the Tor Project. You can read more about the Tor in this post.
Zerodium defends their bug bounty by arguing that the browser is also a golden ticket for illegal activities like child abuse and drug trafficking. The zero-day bounty program would help their government customers fight crime.
Recently, Samsung also launched their Mobile Security Rewards program which offers up to $200,000 for finding vulnerabilities in mobile devices.
Zerodium will acquire all the eligible exploits but the bug bounty program will come to an end when the total payout of all the submissions reaches $1 million.
You can read Zerodium’s blog post to know more about the bug bounty program. And if you have something to add, drop your thoughts in the comments.
Also Read: BlueBorne – 8 Zero Day Bugs Threaten 8.2 Billion Bluetooth-Enabled Devices