The organization paid out $500 for each of the five security vulnerabilities discovered by Michael Krax. The flaws related to chrome privileges, which allow the look of the browser to be changed. The vulnerabilities could let an attacker change a button to make it download malware.
"We developed the bug bounty program to encourage and award community members who identify unknown bugs in the software," said Chris Hofmann, director of engineering for the Mozilla Foundation, in a statement. "This program is one of the many ways the Mozilla Foundation produces safe and secure software for its users."
The bug bounty program was started last year with funding from Linux software company Linspire and South African entrepreneur Mark Shuttleworth. Since the program's inception, the Mozilla Foundation has awarded bug bounties to five participants.
As reported in SC Magazine last month, the Foundation moved quickly to plug a hole in its Firefox browser. Since then it has released another security update.
The Mozilla Foundation also won the SC Magazine Editor-in-Chief award (SC's highest accolade) at the SC Awards in San Francisco in February.