Mozilla Files Suit Against the US FBI to Reveal Tor Browser Vulnerability Details

The ongoing battle over the US FBI's use of a zero-day in the Tor anonymity browser hit a new gear this week with Mozilla filing a brief to get access to the vulnerability details. The legal brief filed with the U.S. District Court for the Western District of Washington, warns that “the security of millions of individuals using Mozilla’s Firefox Internet browser could be put at risk by a premature disclosure of this vulnerability.” Tor, popular among web users for the privacy and anonymity features it offers, consists of a modified Mozilla Firefox web browser. The open-source Mozilla now wants to make sure its own code isn’t implicated in the Tor zero-day that was used by the FBI in 2015 to unmask web users accessing child pornography content. “If our code is implicated in a security vulnerability, [the] government must disclose the vulnerability to us before it is disclosed to any other party. We aren’t taking sides in the case, but we are on the side of the hundreds of millions of users who could benefit from timely disclosure,” Dixon-Thayer added. The Mozilla brief is urging the court to require the government to disclose the vulnerability to the affected technology companies first, so it can be patched quickly. During the criminal case proceedings, Justice Robert J. Bryan ruled that the FBI to reveal the code it used to track the defendants but the government refused, arguing that the details of the exploit was not necessary for the defense’s case. Is the Mozilla case valid? Should the FBI be required to disclose the Tor vulnerabilities? Share your comments with the Cloud and Cyber Security Center: http://cloudandcybersecurity.blogspot.com/