Home » Featured » Judge Denies Mozilla’s Request For FBI To Come Clean
Click Here To Hide Tor

Judge Denies Mozilla’s Request For FBI To Come Clean

Mozilla’s bid to disclose its vulnerability was rejected by a US judge. US district court judge Robert Bryan in Tacoma, Washington. Before Mozilla requested anything, Bryan told prosecutors to give information on the flaw in the Tor browser the FBI used to track Michaud’s whereabouts. The Justice Department asked Bryan to reconsider, saying it was due to a national security risk, but the judge said last Thursday that prosecutors didn’t have to.

Mozilla sent a request to the judge for the information so they could shut down the vulnerability which they say is a security risk to Firefox users.

“It appears that Mozilla’s concerns should be addressed to the United States,” Bryan said.

One of 137 others, Michaud is facing charged in the US due to the FBI seizure of Playpen. Mozilla said it has a right to know about the hack used by the FBI to track the online criminal so it can be fixed before anyone else has the chance to use it.  An online child predator was caught using a zero-day exploit in Tor, which contains similar code as Firefox. The FBI continued to use it to catch more predators in the Playpen child porn ring.

In spite of the requests, the FBI never gave up any information to anyone in case they need to use it again; and it is unknown if the issue has been fixed or not.

“The judge in this case ordered the government to disclose the vulnerability to the defense team but not to any of the entities that could actually fix the vulnerability. At this point no one, including us, outside the government knows what vulnerability was exploited and whether it resides in any of our code base,” Mozilla’s chief legal and business officer Denelle Dixon-Thayer wrote in a blog post recently.

She went on to explain that having the issue unfixed could be dangerous due to other hackers being able to find out and use it to hack people and companies.

“We aren’t taking sides in the case, but we are on the side of hundreds of users who could benefit from timely disclosure,” she also wrote.

This isn’t the only time the FBI has refused to share information. They also wouldn’t give up any information on how they managed to hack the San Bernardino shooters iPhone.


  1. We already know what the FBI’s “hack” was — either JavaScript and/or Flash. Disable both and you’ll be secure.

    • The only ones that truly know the power of that exploit is the FBI. They caught ip’s from over 1,000 people. We don’t even know how many of those were using tbb/tails/whonix, so don’t start spreading lies. Disabling javascript and flash makes tor browser more secure, but this could be a completely different attack surface, and I’m not ruling out the idea that they could have figured out how to deanon part of the tor network itself.

      • TorBoy

        Agreed. Only the federal turds know for sure. Eventually, the truth will come out. Per the Tor project, even agents from the NSA give them information on vulnerabilities within the Browser. But, 138 cases out of a 1,000 users (say, 15%) is really a small figure; why can’t the FBI trace those other 950 or so perverts? And, a 1,000 users out of the 250K that signed-up at the Playpen website is pitifully smaller still.

        Keep track of this, DeepDotWeb Admins; America is not yet a totalitarian state. The People of the US (and, the World) have a RIGHT to know what this vulnerability is (or, at least, was).

    • Anonymous

      FBI’s friendly Google chrome without disable java/flash.

  2. does someone read these articles before submitting them?

Leave a Reply

Your email address will not be published. Required fields are marked *


Captcha: *