Mozilla Seeks Details on Browser Vulnerability Exploited in FBI Probe
Advertisement
Mozilla Corp has asked a federal judge to order the US government to disclose a vulnerability in its Firefox web browser that the company says the FBI exploited to investigate users of a large and secretive child pornography website.
Mozilla filed papers in federal court in Tacoma, Washington, on Wednesday seeking information on a vulnerability in a browser used to view websites on the anonymous Tor network that is partly based on the code for Firefox.
In a blog post, Denelle Dixon-Thayer, Mozilla's chief legal and business officer, said a judge had ordered the vulnerability disclosed to lawyers for a defendant caught in the probe, Jay Michaud, but not to any of entities that could fix it.
"We don't believe that this makes sense because it doesn't allow the vulnerability to be fixed before it is more widely disclosed," she wrote.
A US Justice Department spokesman said it would respond at a later date.
Advertisement
Mozilla's brief came amid renewed attention to the process for disclosing computer security flaws discovered by federal agencies, following a recent standoff between Apple and the FBI over a locked iPhone linked to a shooter involved in a terrorist attack in San Bernardino, California, in which 14 people were killed.
The FBI said it could not submit to an inter agency review the hack used to access the iPhone because it did not own the method or possess sufficient knowledge of the underlying vulnerability.
Advertisement
Mozilla said it had asked if the FBI submitted the browser flaw through the vulnerability review process but not received an answer.
Michaud is one of 137 people facing US charges after the FBI in February 2015 seized the server for Playpen, a child porn website on the Tor network, which is designed to allow anonymous online communication and protect user privacy.
Advertisement
In order to identify its 214,898 members, authorities sought a search warrant from the Virginia judge allowing them to deploy a "network investigative technique."
That technique would cause a user's computer to send them data any time that user logged onto the website while the FBI operated it for two weeks.
The investigation has recently run into legal trouble, after two defendants secured rulings declaring the warrants used in their cases were invalid.
In Michaud's case, US District Judge Robert Bryan in February ordered that prosecutors disclose to his lawyers the code used to deploy the "network investigative technique." Prosecutors have asked Bryan to reconsider.
© Thomson Reuters 2016
For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.
Advertisement