Dear Visitor,

Our system has found that you are using an ad-blocking browser add-on.

We just wanted to let you know that our site content is, of course, available to you absolutely free of charge.

Our ads are the only way we have to be able to bring you the latest high-quality content, which is written by professional journalists, with the help of editors, graphic designers, and our site production and I.T. staff, as well as many other talented people who work around the clock for this site.

So, we ask you to add this site to your Ad Blocker’s "white list" or to simply disable your Ad Blocker while visiting this site.

Continue on this site freely
  HOME     MENU     SEARCH     NEWSLETTER    
CUSTOMER RELATIONSHIP MANAGEMENT NEWS. UPDATED 2 MINUTES AGO.
You are here: Home / Data Security / Mozilla to FBI: Disclose Firefox Exploit
Mozilla Pushes Feds To Disclose Firefox Exploit
Mozilla Pushes Feds To Disclose Firefox Exploit
By Jef Cozza / CRM Daily Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
MAY
13
2016
Software company Mozilla has filed a motion in court to compel the Federal Bureau of Investigation (FBI) to reveal how it managed to hack the Tor browser. Tor is partly built on the source code behind Mozilla’s Firefox browser, and the company said it is worried whatever bug federal agents exploited to attack the Tor network could also be used by hackers against Firefox.

The brief, which was filed Wednesday in U.S. District Court in Washington, is an amicus curiae in the case of United States of America v. Jay Michaud. According to the brief, Mozilla is acting as a third party not on behalf of either side, but rather with the intention of requiring the government to disclose the vulnerability to Mozilla before disclosing it to the defendant.

Millions at Risk

“Absent great care, the security of millions of individuals using Mozilla’s Firefox Internet browser could be put at risk by a premature disclosure of this vulnerability,” the company argued in its brief to the court.

Mozilla said it believes the exploit used by the FBI in the Michaud case is part of a previously unknown, and therefore potentially still active, vulnerability in the Firefox code base.

The company said its belief is based on the fact that a prior exploit of the Tor browser on the part of the government was alleged to have taken advantage of such a vulnerability. In addition, technical experts called during the case have testified that they believe the government has access to a Firefox vulnerability.

Mozilla said it has already contacted the government regarding the matter, but the feds have so far refused to disclose any information about the exploit, including whether it could be used against Firefox or other Mozilla products.

“We aren’t taking sides in the case, but we are on the side of the hundreds of millions of users who could benefit from timely disclosure,” Denelle Dixon-Thayer, Mozilla’s chief legal and business officer, wrote in a blog post.

Fixing the Vulnerability Before Disclosure

“At this point, no one (including us) outside the government knows what vulnerability was exploited and whether it resides in any of our code base,” Dixon-Thayer added. “The judge in this case ordered the government to disclose the vulnerability to the defense team but not to any of the entities that could actually fix the vulnerability. We don’t believe that this makes sense because it doesn’t allow the vulnerability to be fixed before it is more widely disclosed.”

The Michaud case centers on the FBI’s attempt to infiltrate a child porn Web site located on the so-called Dark Net. Dark Net Web sites can only be accessed via the Tor browser. The FBI said it used a vulnerability in the Firefox browser to take control of the site, which then uploaded malware to the computers of the site’s visitors.

Once the technique has been exposed in court, the code used by the FBI in its efforts could potentially be used by anyone to remotely place instructions on an individual’s system to send back specific information, according to Mozilla's court filing.

Image Credit: Screenshots via Mozilla/Firefox.

Tell Us What You Think
Comment:

Name:

Like Us on FacebookFollow Us on Twitter
MORE IN DATA SECURITY
CRM DAILY
NEWSFACTOR NETWORK SITES
NEWSFACTOR SERVICES
© Copyright 2017 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.
--- 441