The company is worried that the vulnerability may compromise Firefox
Mozilla has filled in a brief, in which it is asking the FBI to reveal details about the vulnerability found in Tor web browser. The company is worried that the same vulnerability may compromise Firefox and insists on getting the information before it has been made public. Mozilla is ready to work in order to fix the discovered weak point and provide the necessary patches to protect the Firefox users.
The reason for this concern is that the Tor Browser is partially based on the Firefox browser code. Experts have been speculating that the discovered vulnerability in Tor might be present in the Firefox browser code as well.
In 2015, the FBI hacked Tor browser in order to identify users of child sex websites. Through a “network investigative technique”, the authorities were able to catch the bad guys, but now Mozilla is asking the court to disclose the details on how exactly the operation was carried out. The company wants to ensure its code for Firefox is secured and prevent malicious actors from abusing it.
The government, however, says that has no obligations to reveal any details neither about the FBI’s operation. nor about vulnerability – to Mozilla or anyone else. The company, on the other hand, has filled in an official letter, pointing out the argument that Firefox users should be provided maximum protection against discovered flaws. Therefore, software companies have the right to know these flaws in order to patch them.
The Chief Legal and Business Officer at Mozilla Corporation, Denelle Dixon-Thayer, said that, at the moment, no one outside the government is aware of the vulnerability that was exploited during the FBI’s operation. Even Mozilla doesn’t know whether it resides in any of the Firefox code base or not.
The judge, who is holding this case, has given an order to the government to reveal the vulnerability to the defense team. However, no one from the entities that could actually fix the vulnerability has been allowed to receive this information. Thayer said that the company doesn’t really think this decision makes any sense, since it does not allow the experts to fix the vulnerability before it becomes publicly disclosed.
Mozilla insists that the known flaw should be disclosed to the company and allow them to work on the patching. This move will prevent eventual malware exploits and will provide more secure browser experience to the users. The FBI, however, is unlikely to reveal his operation techniques. The arguments of both sides are still ongoing.