The security flaw was actually in the Tor browser, which is based on Firefox's source code. Rather than shutting down Playpen, the FBI found a vulnerability in the code that allowed the agency to install malware and track Playpen's users. A judge in Washington State has granted one defendant's lawyers the right to review the malware, and in February a separate judge ruled that the FBI must turn over the malware code. Mozilla, however, is arguing that they should have the first crack at the security flaw so that it can be patched to prevent further harm in the meantime.

In a blog post, Dixon-Thayer writes: "if our code is implicated in a security vulnerability, that the government must disclose the vulnerability to us before it is disclosed to any other party. We aren't taking sides in the case, but we are on the side of the hundreds of millions of users who could benefit from timely disclosure."

In Massachusetts, a judge ruled that evidence obtained through the malware infection was inadmissible in court due to an invalid warrant.