
Mozilla Tells FBI To Reveal Firefox Security Vulnerability

Mozilla has urged the FBI to disclose the details of a potentially serious security vulnerability discovered in its Firefox browser during a criminal investigation.

The bureau apparently uncovered the flaw when investigating a child pornography ring, and used the vulnerability to capture and prosecute several paedophiles.

But Mozilla has now filed a legal brief asking the bureau to share the software vulnerabilities found so it can fix them before any innocent users are affected.

Restricted

Mozilla is concerned that this technique exploited a flaw in the Tor browser used by paedophiles to access the site. Tor is partly powered by the same code used in Firefox, and Mozilla is now urging the FBI to provide the full exploit code it used, so that Mozilla can ensure that Firefox is not compromised in any way.

The FBI has already been ordered by the judge in a separate case to reveal these details to the defence team, but not to any of the entities (including Mozilla) that could actually fix the vulnerability.

“It makes no sense to allow the information about the vulnerability to be disclosed to an alleged criminal, but not allow it to be disclosed to Mozilla,” Mozilla’s filing states.

The filing was revealed in a Mozilla blog post, in which Denelle Dixon-Thayer, chief legal and business officer at the company, urged the FBI to share what it had found.

“We aren’t taking sides in the case, but we are on the side of the hundreds of millions of users who could benefit from timely disclosure,” she wrote.

The case concerns an FBI investigation into Playpen, a dark web child pornography site that was taken over by the bureau in February 2015. The bureau was then able to deploy a hacking tool known as a network investigative technique (NIT) in order to identify users of the site.

Overall, over a thousand computers were hacked using this method in the US, and over three thousand more abroad.

“Governments and technology companies both have a role to play in ensuring people’s security online. Disclosing vulnerabilities to technology companies first, allows us to do our job to prevent users from being harmed and to make the Web more secure,” Dixon-Thayer added.

The FBI has come under fire for not revealing details of a flaw it found in iOS that allowed it to access an iPhone 5C device involved in a terrorist attack in San Bernardino, California, last year.


Mike Moore
