About

The Attack & Defense blog is the primary outlet from the Firefox Application Security team to talk about new developments. We will share recent updates to our defenses, cool new attacks and general tips on how to find bugs and get bug bounties.

Links

• Mozilla Security Blog
• Firefox Security Advisories
• Security Severity Ratings for Client Software
• Bug Bounty Program FAQ
• Firefox Bug Bounty Form
• Firefox Bug Bounty Hall of Fame

Guest blog posts

If you have participated in our bug bounty program, you might be interested in writing a guest blog post for Attack & Defense. We use roughly these criteria to decide whether we want to accept a guest blog post. Acceptance and publication is always at the discretion of our team.

All of the following should be true:

• You have reported a valuable security bug that was awarded with a bug bounty
• The bug has since been fixed in Firefox release
• The bug is publicly visible to everyone

If all of the conditions are met, please file an issue at https://github.com/MozillaSecurity/attackanddefense.dev/issues/new with the following information

• The bug you want to talk about
• The main message you want to come across / a title
• A rough outline (5-10 bullet points) of your proposed post

Please note that writing for our blog will take some time and that you will likely receive multiple reviews before we consider the post ready for publication. We may withdraw our offer at any point in time and we do not support blogging for the sole purpose of self-adulation.