Categories: LegalRegulation

Mozilla Tells FBI To Reveal Firefox Security Vulnerability

Mozilla has urged the FBI to disclose the details of a potentially serious security vulnerability discovered in its Firefox browser during a criminal investigation.

The bureau apparently uncovered the flaw when investigating a child pornography ring, and used the vulnerability to capture and prosecute several paedophiles.

But Mozilla has now filed a legal brief asking the bureau to share the software vulnerabilities found so it can fix them before any innocent users are affected.

Restricted

Mozilla is concerned that this technique exploited a flaw in the Tor browser used by paedophiles to access the site. Tor is partly powered by the same code used in Firefox, and Mozilla is now urging the FBI to provide the full exploit code it used to ensure that Firefox is not compromised in any way.

The FBI has already been ordered by the judge in a separate case to reveal these details to the defence team, but not to any of the entities (including Mozilla) that could actually fix the vulnerability.

“It makes no sense to allow the information about the vulnerability to be disclosed to an alleged criminal, but not allow it to be disclosed to Mozilla,” Mozilla’s filing states.

The filing was revealed in a Mozilla blog post, in which Denelle Dixon-Thayer, chief legal and business officer at the company urged the FBI to share what it had found.

“We aren’t taking sides in the case, but we are on the side of the hundreds of millions of users who could benefit from timely disclosure,” she wrote.

The case concerns an FBI investigation into Playpen, a dark web child pornography site that was taken over by the bureau in February 2015. It was then able to deploy a hacking tool known as network investigative technique (NIT) in order to identify users of the site.

Overall, over a thousand computers were hacked using this method in the US, and over three thousand more abroad.

“Governments and technology companies both have a role to play in ensuring people’s security online. Disclosing vulnerabilities to technology companies first, allows us to do our job to prevent users from being harmed and to make the Web more secure,” Dixon-Theyer added.

The FBI has come under fire for not revealing details of a flaw it found in iOS that allowed it to access an iPhone 5C device involved in a terrorist attack in San Bernadino, California last year.

How well do you know your web browsers? Take our quiz!

Mike Moore

Michael Moore joined TechWeek Europe in January 2014 as a trainee before graduating to Reporter later that year. He covers a wide range of topics, including but not limited to mobile devices, wearable tech, the Internet of Things, and financial technology.

Recent Posts

SoftBank Promises To Invest $100bn In US

Japanese tech investment firm SoftBank promises to invest $100bn during Trump's second term to create…

7 hours ago

Synopsys, SiMa.ai To Collaborate On AI Car Chips

Synopsys to work with start-up SiMa.ai on joint offering to help accelerate development of AI…

8 hours ago

AI Start-Up Basis Raises $34m For Accountancy Agent

Start-up Basis raises $34m in Series A funding round for AI-powered accountancy agent to make…

8 hours ago

Databricks Raises $10bn In Huge AI Funding Round

Data analytics and AI start-up Databricks completes huge $10bn round from major venture capitalists as…

9 hours ago

Congo Files Complaints Against Apple Over Conflict Minerals

Congo files legal complaints against Apple in France, Belgium alleging company 'complicit' in laundering conflict…

9 hours ago