Mozilla wants Tor hole

Mozilla has filed an amicus brief [PDF] in a criminal case arguing that the US government should provide it with details of any security holes it knows about before it shares those details with others.

The case concerns a public schools administration worker, Jay Michaud, who was charged with accessing a site that hosted child abuse images called Playpen.

The FBI used a hacking technique to identify who was visiting the website even if they were using the anonymizing Tor browser. But the government has refused to provide details of that hack to Mozilla, frustrating the company who wishes to patch any security holes in its browser.

"User security is paramount," wrote the organization's chief legal officer Denelle Dixon-Thayer is an accompanying blog post.

"Vulnerabilities can weaken security and ultimately harm users. We want people who identify security vulnerabilities in our products to disclose them to us so we can fix them as soon as possible… that's why we are taking action again – to get information that would allow us to fix a potential vulnerability before it is more widely disclosed." ®