12 May 2016, USA :
Mozilla Corp has asked a federal judge to order the U.S. government to disclose a vulnerability in its Firefox web browser that the company says the FBI exploited to investigate users of a large and secretive child pornography website.
In a blog post, Denelle Dixon-Thayer, Mozilla’s chief legal and business officer, said a judge had ordered the vulnerability disclosed to lawyers for a defendant caught in the probe, Jay Michaud, but not to any of entities that could fix it.
“We don’t believe that this makes sense because it doesn’t allow the vulnerability to be fixed before it is more widely disclosed,” she wrote. A U.S. Justice Department spokesman said it would respond at a later date.
Mozilla filed papers in federal court in Tacoma, Washington, on Wednesday seeking information on a vulnerability in a browser used to view websites on the anonymous Tor network that is partly based on the code for Firefox.
The Federal Bureau of Investigation said it could not submit to an interagency review the hack used to access the iPhone because it did not own the method or possess sufficient knowledge of the underlying vulnerability.
Michaud is one of 137 people facing U.S. charges after the FBI in February 2015 seized the server for Playpen, a child porn website on the Tor network, which is designed to allow anonymous online communication and protect user privacy.
In order to identify its 214,898 members, authorities sought a search warrant from the Virginia judge allowing them to deploy a “network investigative technique.”
That technique would cause a user’s computer to send them data any time that user logged onto the website while the FBI operated it for two weeks.
In Michaud’s case, U.S. District Judge Robert Bryan in February ordered that prosecutors disclose to his lawyers the code used to deploy the “network investigative technique.” Prosecutors have asked Bryan to reconsider.
Source : reuters