Mozilla wants to know how the FBI exploited a vulnerability in its Firefox Web browser to investigate users of a child pornography website.
On Wednesday, the company filed papers in federal court in Tacoma, Wash. to find more information on a security flaw in the Tor Browser, a Firefox-based browser that lets users surf the Web anonymously and protect their privacy.
In February 2015, the FBI seized computer servers for Playpen, a child porn site on the Tor network, from a Web host in Lenoir, N.C., according to the Hacker News.
From Feb. 20 to March 4, the agency continued to run the website from its own servers in Newington, Va., and used its Network Investigative Technique (NIT) to identify the IP addresses of users who log on to the illegal site.
The technique would cause a user's computer to send the FBI data every time that person visits the site.
"The Tor Browser is partially based on our Firefox browser code. Some have speculated, including members of the defense team, that the vulnerability might exist in the portion of the Firefox browser code relied on by the Tor Browser," Mozilla's chief legal and business officer Denelle Dixon-Thayer said in a blog post. "At this point, no one (including us) outside the government knows what vulnerability was exploited and whether it resides in any of our code base."
She added that a judge had ordered the vulnerability to be disclosed to lawyers for a defendant, Jay Michaud, but not to any of the entities that could actually fix it.
"We don't believe that this makes sense because it doesn't allow the vulnerability to be fixed before it is more widely disclosed," Dixon-Thayer wrote.
Michaud is one of 137 people charged in the FBI investigation of the computer servers, which has recently run into a bit of legal trouble after two defendants won rulings declaring the search warrants used in their cases invalid.
In February, Judge Robert Bryan ordered that prosecutors disclose to Michaud's lawyers the code used to deploy the NIT. Bryan was asked to reconsider.