Mozilla, the software company famous for the creation and development for the Firefox browser, is now taking legal action in order to find out whether their code was affected during a recent FBI investigation towards Tor, which is the privacy browser that shares a lot of the Firefox embedded computer language.
Mozilla Wants to Know How the FBI Manipulated Tor’s Data to Get in for the Good of the People
Software company Mozilla now has concerns over the FBI as the Federal Bureau of Investigation might have found a vulnerability that they are not willing to disclose. The firm wants to know what they can do in order to apply a fix for it so that others won’t be able to exploit the aforementioned vulnerability. The FBI has not helped out, therefore the software firm has taken the case to the courts.
Denelle Dixon-Thayer, Mozilla lawyer, stated the following in a blog post as she explains that this is not a political action: “User security is paramount. Vulnerabilities can weaken security and ultimately harm users. We want people who identify security vulnerabilities in our products to disclose them to us so we can fix them as soon as possible. Today, we filed a brief in an ongoing criminal case asking the court to ensure that, if our code is implicated in a security vulnerability, the government must disclose the vulnerability to us before it is disclosed to any other party. We aren’t taking sides in the case, but we are on the side of the hundreds of millions of users who could benefit from timely disclosure.”
The situation first came to be after an investigation by the FBI went into a Tor-based child abuse site. The site was then closed down, and the FBI allegedly installed malware in order to trace the users of the said website. Because of this action, it suggests that the FBI made a clean way into the software, which does raise concerns for the software company that created the browser.
“The relevant issue in this case relates to a vulnerability allegedly exploited by the government in the Tor Browser,” said the lawyer for Mozilla. The Tor Browser is partially based on our Firefox browser code. Some have speculated, including members of the defence team, that the vulnerability might exist in the portion of the Firefox browser code relied on by the Tor Browser. At this point, no one (including us) outside the government knows what vulnerability was exploited and whether it resides in any of our code base. The judge in this case ordered the government to disclose the vulnerability to the defence team but not to any of the entities that could actually fix the vulnerability. We don’t believe that this makes sense because it doesn’t allow the vulnerability to be fixed before it is more widely disclosed.” She also added the following: “Court-ordered disclosure of vulnerabilities should follow the best practice of advance disclosure that is standard in the security research community. In this instance, the judge should require the government to disclose the vulnerability to the affected technology companies first, so it can be patched quickly. Governments and technology companies both have a role to play in ensuring people’s security online. Disclosing vulnerabilities to technology companies first allows us to do our job to prevent users being harmed and to make the web more secure.”