Mozilla has to take another approach if it wants to discover and fix the vulnerability feds exploited to infiltrate a child porn website. Washington US District Judge Robert Bryan has thrown out the organization’s requestfor the security flaw’s details. If you’ll recall, the FBI seized the server of a child porn website on the Tor network called Playpen in early 2015. They then used a flaw in the Tor browser, which is based on Mozilla Firefox, to install malware that pointed agents to users’ locations. They nabbed over a hundred people from that sting, including a defendant in one of Bryan’s cases.
Mozilla fails to get the details on the FBI’s malware hack
Mozilla asked for the vulnerability’s details when Bryan ordered prosecutors to disclose the flaw to that defendant’s lawyers. The company wanted to get those details before the defendant could in order to patch up the security hole. However, the Justice Department managed to convince the judge to overturn his own decision for the sake of national security. Since the prosecutors don’t have to share the flaw’s details with the defendant’s lawyers anymore, Bryan decided that Mozilla’s request had no legs to stand on. “[It] appears that Mozilla’s concerns should be addressed to the United States,” he said.
Other defendants around the US and the world are facing charges brought about by the FBI’s operation. In one particularly interesting case, a judge tossed out the feds’ evidence, because they used an invalid warrant to carry out the malware hack.
Source | Engadget