All the time while everybody was focused on the Apple vs. FBI fight to unlock the San Bernardino's shooter iPhone, the FBI's lawyers and the US Department of Justice were also busy battling the defense in a related case.
It all started with a seized Dark Web child pornography website
Back in March 2015, the FBI managed to seize the Web server on which the "Preteen Videos—Girls Hardcore" Dark Web portal was running, a forum on which child pornography was being freely exchanged.
The Bureau says it used a network investigative technique (NIT) to detect and pinpoint the location of users that accessed and posted on that website, charging 137 US citizens following the incident.
One of those was Jay Michaud, who denied the FBI's claims and whose lawyers wanted the FBI to provide access to the forensics tools used to incriminate their client, so their technical expert could analyze its accuracy.
Signs point to the FBI using a Tor Browser exploit
Since Dark Web websites can be accessed only via special technology, like the Tor Browser, it makes technical sense that the FBI used an exploit in this tool to locate all 137 suspects, and even more that were reported to agencies in other countries. The theory was also
confirmed by US-based news outlets following the Michaud case.
What not all people know is that the Tor Browser is not really a standalone browser at all. The Tor Project used a version of the Firefox ESR (Extended Support Release) browser to add their encrypted-layered-proxy technology on top and create the Tor Browser.
As Mr. Weaver
points out, "the Tor Browser is simply Firefox running in a hardened mode." This means that if US news outlets and Michaud's lawyers are right, and the FBI is sitting on a Tor Browser vulnerability, then automatically that's a Firefox vulnerability as well.
Tor Browser exploits are automatically Firefox exploits as well
"While many Firefox exploits will not work against the Tor browser—particularly those relying on Flash—the converse is not necessarily true. To the contrary, any Tor browser exploit is almost certainly a Firefox exploit too," Mr. Weaver also notes, leveraging his expertise in computer science.
Since the US DoJ is mounting an all-out assault to keep the Tor Browser exploit out of the public eye, common sense dictates that this is a previously unknown issue, otherwise, why bother.
Firefox is managed as an open source project, so all vulnerabilities are publicly disclosed after being patched. If this was an exploit based on an old flaw, it wouldn't make sense to fight in court to keep it secret, since everybody already knows about it.
In infosec terms, these types of unknown and unpatched vulnerabilities, also used in live attacks, are called zero-day vulnerabilities. At this moment, all of the FBI's actions point to the fact that the Bureau may be hoarding a Firefox zero-day, something which it plans to use in future investigations as well.