Menu
Mozilla wants US to disclose to it first any vulnerability found in Tor by government hackers

Mozilla wants US to disclose to it first any vulnerability found in Tor by government hackers

Mozilla says it wants to check if the vulnerable code is found in Firefox code

Mozilla has asked a court that it should be provided information on a vulnerability in the Tor browser ahead of it being provided to a defendant in a lawsuit, as the browser is based in part on Firefox browser code.

“At this point, no one (including us) outside the government knows what vulnerability was exploited and whether it resides in any of our code base,” wrote Denelle Dixon-Thayer, chief legal and business officer at Mozilla, in a blog post Wednesday.

Mozilla is asking the U.S. District Court for the Western District of Washington in the interest of Firefox users to ensure that the government must disclose the vulnerability to it before it is revealed to any other party, as any disclosure without advance notice to Mozilla will increase the likelihood that the exploit will become public before Mozilla can fix any associated vulnerability in Firefox.

The Tor browser comprises a version of Firefox with some minor modifications that add privacy features, and the Tor proxy software that makes the browser's Internet connections more anonymous, according to the filing.

The FBI had in 2015 used what it described as a “network investigative technique” to monitor users visiting a child pornography site, hidden on the so-called Tor anonymity network, which it had seized but kept live to identify its visitors.

The court has asked the government to produce information related to a security vulnerability that it exploited in the Tor browser. The defense wants information on the exploit to find out if the government exceeded its warrant conditions.

In its filing on Wednesday, Mozilla warned that “absent great care, the security of millions of individuals using Mozilla’s Firefox Internet browser could be put at risk by a premature disclosure of this vulnerability,” according to the filing.

The government has so far refused to tell Mozilla whether the vulnerability at issue in the case involves a Mozilla product. But Mozilla said in the filing that it has reason to believe that the exploit used by the government “is an active vulnerability in its Firefox code base that could be used to compromise users and systems running the browser.”

The government has also refused to tell Mozilla if the exploit went through the Vulnerabilities Equities Process (“VEP”), which is a government process for deciding whether to share or not information on security vulnerabilities, according to Mozilla.

If Mozilla is not allowed to intervene in the case to protect its interests, the court should certainly allow Mozilla to appear as a friend of the court or amicus curiae, according to the filing.


Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Featured

Slideshows

Consegna comes to town with AWS cloud offerings launch in Auckland

Consegna comes to town with AWS cloud offerings launch in Auckland

Emerging start-up Consegna has officially launched its cloud offerings in the New Zealand market, through a kick-off event held at Seafarers Building in Auckland.​ Founded in June 2016, the Auckland-based business is backed by AWS and supported by a global team of cloud specialists, leveraging global managed services partnerships with Rackspace locally.

Consegna comes to town with AWS cloud offerings launch in Auckland
Veritas honours top performing trans-Tasman partners

Veritas honours top performing trans-Tasman partners

Veritas honoured its top performing partners across the channel in Australia and New Zealand, recognising innovation and excellence on both sides of the Tasman. Revealed under the Vivid lights in Sydney, Intalock claimed the coveted Partner of the Year 2017 (Pacific) award, with Data#3 acknowledged for 12 months of strong growth across the market. Meanwhile, Datacom took home the New Zealand honours, with Global Storage and Insentra winning service provider and consulting awards respectively. Dicker Data was recognised as the standout distributor of the year, while Hitachi Data Systems claimed the alliance partner award. Photos by Bob Seary.

Veritas honours top performing trans-Tasman partners
An Evening With Eugene Kaspersky for Kiwi partners in Auckland

An Evening With Eugene Kaspersky for Kiwi partners in Auckland

​New Zealand partners came together for An Evening With Eugene Kaspersky in Auckland, an invitation only event as part of Kaspersky Lab Partner Engage. Following an evening of insights and executive networking with the founder of Kaspersky Lab, Eugene Kaspersky, Kiwi partners got up close and personal with Eugene in an unprecedented​ panel discussion. Facilitated by Reseller News, this panel explored channel relationships, successful business strategies, and the latest ground breaking technologies to impact the security market. Photos by Maria Stefina.

An Evening With Eugene Kaspersky for Kiwi partners in Auckland
Show Comments