Mozilla has filed a motion [PDF] with a U.S. district court requesting information about potential Firefox vulnerabilities unearthed by the government in a criminal investigation.

This demand relates to an ongoing case brought about by the FBI after it hacked a Dark Web child pornography website back in February 2015 and ran it from a government facility in Virginia. The exploit discovered by the FBI was reportedly found in the Tor Browser, software that provides anonymity to online users. The Tor Browser is essentially built on the same base code as the open-source Firefox browser, which has led to speculation that the vulnerability actually lies in the Firefox code.

Mozilla’s motion, which was filed in the United States District Court, Western District of Washington yesterday, lays out the company’s case that it should be granted access to the details of the vulnerability so as to ascertain whether the exploit also impacts the main Mozilla Firefox browser.

In part:

“The Government has refused to tell Mozilla whether the vulnerability at issue in this case involves a Mozilla product. Nevertheless, Mozilla has reason to believe that the Exploit the Government used is an active vulnerability in its Firefox code base that could be used to compromise users and systems running the browser.”

The defendants in the criminal case were granted access to the malware code that was used, though the Department of Justice initially resisted. Now Mozilla wants access to the same information.

“The judge in this case ordered the government to disclose the vulnerability to the defense team but not to any of the entities that could actually fix the vulnerability,” said Denelle Dixon-Thayer, chief legal and business officer at Mozilla Corporation, in a blog post. “We don’t believe that this makes sense because it doesn’t allow the vulnerability to be fixed before it is more widely disclosed.”

The Mozilla case bears striking similarities to the ongoing feud between Apple and the government, after the White House refused to disclose the unlocking method used to access an iPhone belonging to one of the San Bernardino killers. There is a tangible tension between tech companies and authorities, and with Mozilla now claiming that the government has refused to divulge the exploit it used to infiltrate Tor, this division will surely widen.

“Governments and technology companies both have a role to play in ensuring people’s security online,” added Dixon-Thayer. “Disclosing vulnerabilities to technology companies first allows us to do our job to prevent users from being harmed and to make the Web more secure.”

VentureBeat
