Mozilla would like the FBI to spill the beans on a Tor bug that might affect the company’s Firefox browser.
Last year, the FBI took advantage of a vulnerability in the Tor browser to install malware on the computers of more than 1,000 visitors of a child pornography website (found on the Dark Web, only accessible using Tor). The malware helped the FBI track down those accessing the site, and it proceeded to bust as many people as it could.
The problem? The Tor browser is based on code for Mozilla’s Firefox browser, and Mozilla is concerned that whatever vulnerability the FBI found in Tor might also affect Firefox. Naturally, it wants to patch that up for users who value a secure browsing experience.
“Today, we filed a brief in an ongoing criminal case asking the court to ensure that, if our code is implicated in a security vulnerability, that the government must disclose the vulnerability to us before it is disclosed to any other party. We aren’t taking sides in the case, but we are on the side of the hundreds of millions of users who could benefit from timely disclosure,” Mozilla’s chief legal and business officer, Denelle Dixon-Thayer, wrote in a blog post.
“Some have speculated, including members of the defense team, that the vulnerability might exist in the portion of the Firefox browser code relied on by the Tor Browser. At this point, no one (including us) outside the government knows what vulnerability was exploited and whether it resides in any of our code base,” she continued. “The judge in this case ordered the government to disclose the vulnerability to the defense team but not to any of the entities that could actually fix the vulnerability. We don’t believe that this makes sense because it doesn’t allow the vulnerability to be fixed before it is more widely disclosed.”
As for the FBI, it’s possible that it’s going to drop its court case against one person caught in the sting, a Washington State special ed teacher, rather than disclose the vulnerability it used in its operation, the Seattle Post-Intelligencer reports. Lawyers for the teacher argue that they have a right to review the malware used—hoping that it was the malware itself, and not their defendant, who accessed pornographic message board threads. Though U.S. District Court Judge Robert Bryan agreed in a February ruling, the FBI asked him in March to reconsider.
“The government continues to maintain that [the defendant] has all the necessary tools to verify the NIT data and confirm that the NIT operated as the government has said it did. His justifications for the requested discovery rest on speculation, not fact, and he has made no showing that would support the requested discovery,” reads part of the FBI lawyers’ arguments.
Source link : https://www.pcmag.com/news/mozilla-to-fbi-we-want-to-know-about-that-tor-bug