In the blog post, Mozilla’s web security nomad Michael Coates discusses how these “attack aware” applications will be able to differentiate between normal user errors and abnormal errors made by malicious users who intend to damage the system.
After identifying these users, the applications will forbid attackers from additional prying while supplying Mozilla with a data report to further analyze trends.
While these moves ultimately look to bring more security to Mozilla’s products, they raise questions about how Mozilla will continue to handle bounties for its Bug Bounty Program. As previously announced, Mozilla’s program encourages researchers to fiddle with its software by rewarding $3000 in cash to those who find security bugs in recent releases of Firefox, Thunderbird, Firefox Mobile, or other Mozilla services. Late last year, following Google’s lead, Mozilla decided to expand its bounty to include its web apps.
Coates suggests that while these “attack aware” features won’t be rolled out in the “near future,” Mozilla may eventually provide a mirror environment of bug bounty sites for security testing.