IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Mozilla’s bid for Tor hack used in child porn case rejected

Firefox maker will not be granted access to an exploit the FBI uncovered in Tor

chrome and firefox

18/05/2016:A US judge has rejected a bid by Mozilla to disclose a vulnerability, connected to its Firefox browser, that was exploited by the FBI to track child predators the dark web.

Mozilla's attempt to intervene in a case against Jay Michaud, a school administrator charged in the investigation, was shot down on Monday by US district judge Robert Bryan in Tacoma, Washington, Reuters reports.

Prior to Mozilla's request, Bryan had instructed prosecutors to disclose to Michaud's lawyers a flaw in the Tor browser, which was allegedly used by the defendant to access images of child abuse.

Tor is partially based on the code for Mozilla's Firefox browser.

The US Department of Justice asked Bryan to reconsider, citing national security, and the judge said last Thursday that prosecutors did not need to make the disclosure to Michaud.

Mozilla had sent a bid to the judge last week requesting that it be briefed on the exploit the FBI used, so that it could close down the loophole, which it said could potentially affect users of its Firefox browser.

Responding to Mozilla's request on Monday, Bryan said its request was unlikely, adding, it "appears that Mozilla's concerns should be addressed to the United States".

Michaud is one of 137 people facing charges in the US after the FBI covertly seized control of a server hosting the website in question and tracked viewers of the site through Tor in February 2015.

13/05/2016:Mozilla wants the US government to disclose Firefox hack

Mozilla has asked the US government to provide it with information about a hack it used to catch an online criminal, saying it has the right to fix any security flaw before anyone else has the opportunity to use it.

Last year, the FBI exploited a zero-day flaw in the Tor browser, which was created partially from the Firefox base code, to catch an online child predator. The government continued to take advantage of the flaw to discover more criminals in the sexual abuse ring.

However, the FBI failed to share the vulnerability with anyone - not even Mozilla - just in case it wanted to use the security hole again. It has not been revealed whether the hole has been patched or not.

"At this point, no one (including us) outside the government knows what vulnerability was exploited and whether it resides in any of our code base,"Denelle Dixon-Thayer, Mozilla chief legal and business officer wrote in a blog post.

"The judge in this case ordered the government to disclose the vulnerability to the defense team but not to any of the entities that could actually fix the vulnerability."

She explained having an unfixed flaw could prove dangerous, because other hackers could get their hands on it and use it to cause damage to individuals and companies.

"We aren't taking sides in the case, but we are on the side of the hundreds of millions of users who could benefit from timely disclosure," she added.

The FBI has also refused to provide details of the security flaw it used to access one of the San Bernadino shooters' iPhones to Apple, which has angered the manufacturer.

Featured Resources

Four strategies for building a hybrid workplace that works

All indications are that the future of work is hybrid, if it's not here already

Free webinar

The digital marketer’s guide to contextual insights and trends

How to use contextual intelligence to uncover new insights and inform strategies

Free Download

Ransomware and Microsoft 365 for business

What you need to know about reducing ransomware risk

Free Download

Building a modern strategy for analytics and machine learning success

Turning into business value

Free Download

Recommended

Mozilla adds paid tier, new features to developer network platform
web development

Mozilla adds paid tier, new features to developer network platform

25 Mar 2022
Chrome vs Firefox vs Microsoft Edge
web browser

Chrome vs Firefox vs Microsoft Edge

8 Dec 2021
Firefox 95 boosts protection against zero-day attacks
web browser

Firefox 95 boosts protection against zero-day attacks

7 Dec 2021
Mozilla to end support for Firefox Lockwise password manager
web browser

Mozilla to end support for Firefox Lockwise password manager

24 Nov 2021

Most Popular

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack
hacking

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack

16 May 2022
Windows Server admins say latest Patch Tuesday broke authentication policies
Server & storage

Windows Server admins say latest Patch Tuesday broke authentication policies

12 May 2022
IT admin deletes company’s databases and is jailed for seven years
Policy & legislation

IT admin deletes company’s databases and is jailed for seven years

16 May 2022