Mozilla recently increased the bounty for finding such bugs from $500 to $3,000 in an attempt to make it more worthwhile for people to spend their time looking for them. Alex set about tracking down any bug he could with 90 minute sessions each day. The first bug he submitted did not qualify for the reward, but 10 more days of hunting located a critical security flaw and the check was in the post.
According to Brandon Sterne, security program manager at Mozilla, what Alex achieved is not something just anyone can do:
The space of people that are contributing in this area is pretty small. This is a very niche technical area.