Ad Home

Hack "Tor Browser" For 0-Days And Get $1 Million From "Zerodium"

Hack "Tor Browser" For 0-Days And Get $1 Million From  "Zerodium"

Finding some zero-day exploits for Tor Browser on Windows and Tails can make you richer by up to $1 Million. That’s because of a bug bounty hosted by Zerdioum – the buys zero-day bugs and sells it to government agencies.

In their announcement post, Zerodiam notes that exploiting vulnerabilities in modern web browsers is becoming harder by the tick of the clock.

Zerodium said that it will give up to $1 million for completely functional, private zero day exploits for Tor Browser on Linux and Windows. Clearly, the company said that it will give $250,000 for combined remote code execution and local privilege escalation flaws that work on both Tails and Windows to root/system, or $200,000 for combined bugs in Tails or Windows. It will pay a bounty for just RCE flaws, and flaws executed when JavaScript is enabled.
Tor browser exploits submissions with Javascript enabled will be accepted but lesser payout would be given. However, exploits causing “disruption of legitimate use of the Tor network are NOT accepted,” Zerodium says.

According to Zerodium:
“ZERODIUM, the premium zero-day acquisition platform, announces and hosts a Tor Browser Zero-Day Bounty. ZERODIUM will pay a total of one million U.S. dollars ($1,000,000) in rewards to acquire zero-day exploits for Tor Browser on Tails Linux and Windows. The bounty is open until November 30th, 2017 at 6:00pm EDT, and may be terminated prior to its expiration if the total payout to researchers reaches one million U.S. dollars ($1,000,000).”

Zerodium defends their bug bounty by arguing that the browser is also a golden ticket for illegal activities like child abuse and drug trafficking. The zero-day bounty program would help their government customers fight crime.

Zerodium will acquire all the eligible exploits but the bug bounty program will come to an end when the total payout of all the submissions reaches $1 million.

You can read Zerodium’s blog post to know more about the bug bounty program. And if you have something to add, drop your thoughts in the comments.