The group paid $500 to German researcher Michael Krax for each of the five bugs he found in Firefox.
"We developed the bug bounty program to encourage and award community members who identify unknown bugs in the software," said Chris Hofmann, director of engineering for the Mozilla Foundation. "This program is one of the many ways the Mozilla Foundation produces safe and secure software for its users."
The bugs relate to chrome privileges--a mechanism that allows applications to change user interface details of the browser itself. If abused, this function could alter the 'Home' button, for example, to make it download malicious programs.
Last week, Mozilla issued an Firefox., version 1.02, that patched a buffer overflow in legacy Netscape code still included in the browser for animating GIF images in
Mozilla is one of the few organizations to offer financial incentives to people who find vulnerabilities. Microsoft, which charges for its products and regularly asks the user community to test beta versions of its software, has no such scheme.
A representative for Microsoft said: "We don't pay people to fix bugs, but there are other ways we try to fix security as much as possible. But we can't comment on what Mozilla does."
Microsoft also highlighted itsfor informants who help law enforcement agencies to convict virus writers.
Dan Ilett of ZDNet UK reported from London.