Categories: LegalRegulation

Mozilla Tells FBI To Reveal Firefox Security Vulnerability

Mozilla has urged the FBI to disclose the details of a potentially serious security vulnerability discovered in its Firefox browser during a criminal investigation.

The bureau apparently uncovered the flaw when investigating a child pornography ring, and used the vulnerability to capture and prosecute several paedophiles.

But Mozilla has now filed a legal brief asking the bureau to share the software vulnerabilities found so it can fix them before any innocent users are affected.

Restricted

Mozilla is concerned that this technique exploited a flaw in the Tor browser used by paedophiles to access the site. Tor is partly powered by the same code used in Firefox, and Mozilla is now urging the FBI to provide the full exploit code it used to ensure that Firefox is not compromised in any way.

The FBI has already been ordered by the judge in a separate case to reveal these details to the defence team, but not to any of the entities (including Mozilla) that could actually fix the vulnerability.

“It makes no sense to allow the information about the vulnerability to be disclosed to an alleged criminal, but not allow it to be disclosed to Mozilla,” Mozilla’s filing states.

The filing was revealed in a Mozilla blog post, in which Denelle Dixon-Thayer, chief legal and business officer at the company urged the FBI to share what it had found.

“We aren’t taking sides in the case, but we are on the side of the hundreds of millions of users who could benefit from timely disclosure,” she wrote.

The case concerns an FBI investigation into Playpen, a dark web child pornography site that was taken over by the bureau in February 2015. It was then able to deploy a hacking tool known as network investigative technique (NIT) in order to identify users of the site.

Overall, over a thousand computers were hacked using this method in the US, and over three thousand more abroad.

“Governments and technology companies both have a role to play in ensuring people’s security online. Disclosing vulnerabilities to technology companies first, allows us to do our job to prevent users from being harmed and to make the Web more secure,” Dixon-Theyer added.

The FBI has come under fire for not revealing details of a flaw it found in iOS that allowed it to access an iPhone 5C device involved in a terrorist attack in San Bernadino, California last year.

How well do you know your web browsers? Take our quiz!

Mike Moore

Michael Moore joined TechWeek Europe in January 2014 as a trainee before graduating to Reporter later that year. He covers a wide range of topics, including but not limited to mobile devices, wearable tech, the Internet of Things, and financial technology.

Recent Posts

Northvolt Mulls US Bankruptcy Protection – Report

Troubled battery maker Northvolt reportedly considers Chapter 11 bankruptcy protection in the United States as…

2 days ago

FTC Plans Investigation Into Microsoft Cloud Business – Report

Microsoft's cloud business practices are reportedly facing a potential anti-competitive investigation by the FTC

2 days ago

Programmer Sentenced To Five Years In Prison For Bitcoin Laundering

Ilya Lichtenstein sentenced to five years in prison for hacking into a virtual currency exchange…

2 days ago

Hate Speech Watchdog CCDH To Quit Musk’s X

Target for Elon Musk's lawsuit, hate speech watchdog CCDH, announces its decision to quit X…

3 days ago

Meta Fined €798m Over Alleged Facebook Marketplace Violations

Antitrust penalty. European Commission fines Meta a hefty €798m ($843m) for tying Facebook Marketplace to…

3 days ago

Elon Musk Rebuked By Italian President Over Migration Tweets

Elon Musk continues to provoke the ire of various leaders around the world with his…

3 days ago