The FBI hacked into Firefox, and Mozilla wants to know how

Mozilla wants to know how the FBI broke into its browser, and is using an ongoing court case to force the government to disclose it. The case revolves around the Tor Browser, a Firefox-based browser that allows individuals to browse the web anonymously and deter surveillance.

FBI agents somehow broke into the browser of Jay Michaud in an effort to catch him in the alleged act of downloading child pornography. While Mozilla is obviously not taking Michaud’s side in the case, the organization felt it important to know how exactly agents got into Tor in the first place.

“At this point, no one (including us) outside the government knows what vulnerability was exploited and whether it resides in any of our code base,” Mozilla’s chief legal and business officer Denelle Dixon-Thayer said in a Wednesday blog post.

What makes this case interesting is the judge’s ruling surrounding the disclosure of how the hack was done. U.S. District Court Judge Robert Bryan ordered the FBI to disclose the nature of the vulnerability to Michaud’s defense team, but also forbade the groups from disclosing the vulnerability to either Tor or Mozilla, whose browsers may be somehow vulnerable.

“We don’t believe that this makes sense because it doesn’t allow the vulnerability to be fixed before it is more widely disclosed,” Dixon-Thayer argued.

Judge Bryan’s decision is curious, and could show a lack of understanding of how security flaws are disclosed. While the courts have a valid reason for protecting the right of the FBI to perform its investigation the best way it sees fit, innocent Tor and Firefox users might be at risk. The security community has long had a policy of alerting the software makers themselves to any discovered flaw first.

The thought is that if the developers get wind of the vulnerability first, any potential effects from malicious use would be minimized. Here, Mozilla has no idea what is wrong with its browser, so there’s no way to fix it.

“We are on the side of the hundreds of millions of users who could benefit from timely disclosure,” Dixon-Thayer said. A full copy of Mozilla’s amicus curiae brief is available from the organization’s website.

Ed Oswald