The team behind Firefox is wading into a contentious battle involving the FBI, the dark web and some location-tracking malware. While Mozilla's chief legal officer Denelle Dixon-Thayer is careful to say the company is not taking sides in a case between the FBI and a defendant allegedly caught with files from a dark web child pornography site called Playpen, the company believes it has a right to know more about the security flaw that was used to track the location of over 1,000 of the site's users.
The security flaw was actually in the Tor browser, which is based on Firefox's source code. Rather than shutting down Playpen, the FBI found a vulnerability in the code that allowed the agency to install malware and track Playpen's users. A judge in Washington State has granted one defendant's lawyers the right to review the malware, and in February a separate judge ruled that the FBI must turn over the malware code. Mozilla, however, is arguing that they should have the first crack at the security flaw so that it can be patched to prevent further harm in the meantime.
In a blog post, Dixon-Thayer writes: "if our code is implicated in a security vulnerability, that the government must disclose the vulnerability to us before it is disclosed to any other party. We aren't taking sides in the case, but we are on the side of the hundreds of millions of users who could benefit from timely disclosure."
In Massachusetts, a judge ruled that evidence obtained through the malware infection was inadmissible in court due to an invalid warrant.