You are here

HomeJohn Lister › Judge says FBI can Keep Firefox Bug a Secret

Judge says FBI can Keep Firefox Bug a Secret

John Lister's picture
by John Lister on May, 19 2016 at 12:05PM EDT

A judge has refused Mozilla's request that the FBI be forced to hand over details of a potential security bug in its Firefox browser. Mozilla argued there was a risk of the bug becoming public, which would then put anyone using its browser(s) at risk of an online attack.

The request follows a separate criminal case involving a website engaged in indecent content depicting children. The site isn't available through ordinary web browsers such as Firefox, but instead runs through the Tor network.

The Tor network works using the world wide web, but data is sent on a different channel (so to speak). The idea behind the Tor network is to make it extremely difficult to trace the origin of somebody visiting a site. In this case, however, the FBI was able to track down the alleged offenders through a security bug in the Tor network software.

Tor Bug May Affect Firefox

The problem is that some of the code used to operate the Tor network was taken from the same open source library as Mozilla's Firefox web browser. That means there's a very good chance the security bug used by the FBI could also be present in Firefox, in turn compromising privacy and security for Firefox users.

Originally, the court agreed that the accused man's defense lawyers had the right to know the details of the bug in order to make their case and question the validity of the resulting evidence.

Mozilla then stepped in and argued that it should be allowed to see the bug details first, so that it could issue any necessary patches before the lawyers got their hands on the information and it effectively entered the public domain.

Judge Says Issue No Longer Relevant

However, the judge has now ruled that for national security reasons, the FBI doesn't have to hand over the details of the bug to the lawyers. As a result, the judge says Mozilla's demand is now irrelevant as the details will remain known only to the FBI. (Source: ibtimes.co.uk)

Mozilla disagrees and says it will now lobby the government directly to argue that no matter how securely it intends to keep the details of the bug, the responsible thing to do is let Mozilla know so that it can work on a fix if necessary. (Source: reuters.com)

What's Your Opinion?

Should the court have forced the FBI to tell Mozilla the details of the bug? If not, do you think the FBI should do so voluntarily? Does the benefit to society of investigators being able to exploit secret bugs to track suspects outweigh the risks of the bug going public before the software is patched?

Filed under:
Courts
| Tags:
tor network
,
security bug
,
firefox
,
fbi
,
mozilla
,
judge
Rate this article: 
Average: 5 (7 votes)

Comments

Dennis Faas's picture

Submitted by Dennis Faas on Thu, 05/19/2016 - 12:46

This is a fine line between national security (as it's been suggested), and the need-to-know in order to do the responsible thing. I am however siding with Mozilla on this issue. If a serious bug was to be discovered that could put all Firefox browsers at risk, then I believe Mozilla has the right to fix their own software before it becomes exploited and potentially infects hundreds of thousands of people with malware, for example.

Navy vet's picture

Submitted by Navy vet on Thu, 05/19/2016 - 13:21

The government can't keep anything secure. The details of the bug will be public soon enough.

Doccus's picture

Submitted by Doccus on Thu, 05/19/2016 - 19:01

Ah yes Dennis.. but you're thinking like a geek, not like a spook ;-) The FBI is thinking "we want to use it to catch more of those online baddies.. and not worrying about a bit o' that old "spilt milk" consequenses.
However, you're thinking "but hey.. it's THEIR software, (Moziilla's) not the FBIs..
Since the cat's now out of the bag, however, the tally appears to be Geeks =1 , Spooks=0 since they're not going to catch anybody now.. as they baddies are on guard against it..
Just my 2 cents, anyways....

Time's picture

Submitted by Time on Thu, 05/19/2016 - 23:23

Who doesn't think now that everyone knows there is a bug that the hackers are not going to look for it, raise your hand!

Boots66's picture

Submitted by Boots66 on Fri, 05/20/2016 - 12:37

Time for Moxilla to do it's own homework - they more then likely can determine what code parts are similar in TOR and then determine what of their code is at fault - They should be open and ready for this anytime - The fact that they are crying out is that they have not done said homework as they should have and it has been publically pointed out!

tmcd's picture

Submitted by tmcd on Thu, 05/26/2016 - 12:29

I think the FBI should share the details of the bug with Mozilla. You know darn well if the bug were in a piece of software that made the FBI operations vulnerable they'd want it fixed.

Need Help? Ask!



My name is Dennis Faas and I am a senior systems administrator and IT technical analyst specializing in cyber crimes (sextortion / blackmail / tech support scams) with over 30 years experience; I also run this website! If you need technical assistance , I can help. Click here to email me now; optionally, you can review my resume here. You can also read how I can fix your computer over the Internet (also includes user reviews).

We are BBB Accredited

We are BBB accredited (A+ rating), celebrating 21 years of excellence! Click to view our rating on the BBB.