A separate BSD firewall box to prevent any connections outside Tor would've prevented this, or thegrugq's p.o.r.t.a.l. box. These attacks will only get better; FF 0day isn't all that expensive, so simply disabling JavaScript won't be an option in the future, which prevented the second attack where a custom exploit was used by the FBI.
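As an added illustration of the "BSD firewall box" idea in the comment above (this is not code from the thread or from thegrugq's p.o.r.t.a.l. project): an OpenBSD pf.conf for a gateway that fails closed, so a client whose browser has been exploited still cannot reach the Internet except through the local Tor daemon. The interface names, the `_tor` user and the TransPort/DNSPort values are assumptions.

```pf
# Constructed example of a fail-closed Tor gateway ruleset (OpenBSD pf).
# Assumptions: em0 faces the Internet, em1 faces the isolated client LAN,
# Tor runs on this box as user _tor with "TransPort 127.0.0.1:9040" and
# "DNSPort 127.0.0.1:5353" in torrc, and IP forwarding is enabled.
ext_if     = "em0"
int_if     = "em1"
tor_user   = "_tor"
trans_port = "9040"
dns_port   = "5353"

set skip on lo
set block-policy drop

# Default deny in both directions: only the rules below can open a path.
block log all

# Client LAN: DNS queries and TCP connections are redirected into Tor's
# local listeners. Anything else from the LAN (other UDP, ICMP, IPv6)
# falls through to the default block, so a compromised client has no
# direct route to the Internet that could reveal its real address.
pass in quick on $int_if inet proto udp from $int_if:network \
    to any port 53 rdr-to 127.0.0.1 port $dns_port
pass in quick on $int_if inet proto tcp from $int_if:network \
    to any rdr-to 127.0.0.1 port $trans_port

# External side: only sockets owned by the Tor daemon may leave the box.
# The gateway itself gets no clearnet DNS, NTP or updates through here;
# those would have to go through Tor as well.
pass out quick on $ext_if inet proto tcp user $tor_user keep state
block out log on $ext_if
```

Load it with `pfctl -nf /etc/pf.conf` first to syntax-check, then watch `pflog0` with tcpdump: every logged block from the LAN is a connection attempt that would have bypassed Tor.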
What's the legal defense if a random .onion address is posted claiming it's leaked juicy Sony emails and scripts and it turns out to be an illegal porn site full of FBI snitchware? How do they draw a legal distinction between a pervert and an idiot who clicks a link?
> "How do they draw a legal distinction between a pervert and an idiot who clicks a link?"
Much of child porn law centers around "intent" -- it's not illegal to see child porn (and be like "oh nasty, don't want that, alt-f4"), it's illegal to intentionally produce, procure, possess, or distribute it.
If the FBI controls the server, they can monitor connections and behavior. Did the user open the site and then immediately leave? Did they scroll around? Did they click images or videos? Did they access multiple pages which are clearly identified as perv material rather than leaked juicy Sony e-mails? Loading the site and then immediately leaving doesn't show intent, but loading the site and then digging around on it does. (There's also the next level -- once the FBI identifies a potential perv-or-idiot and seizes their box, they can check for additional evidence, like whether someone has accumulated a collection of child porn.)
The legal defense concept that would apply is called an "affirmative defense". It basically says yes, you did the thing in question, but explains that there was no criminal intent. Like, yes, I clicked on a link that took me to a website with illegal content, but I was misled, as you can see from my behavior of immediately hitting the "back" button. (Likewise, if you find in your large porn collection that a few images are actually illegal, you can safely delete them or turn them over to police -- the fact that your main collection is legal, and that you acted to get rid of the illegal content, shows that you did not have criminal intent.)
>FF 0day isn't all that expensive so simply disabling JavaScript won't be an option in the future
Do you have any example of an exploit that would not require JavaScript? AFAIK they are usually about JavaScript memory handling in order to evade the sandbox.
Just go through FF CVEs and look for vulnerabilities that enable remote code execution without .js like .cpp malformed text rendering.
Doesn't seem to me that the FBI cares about hiding the fact that your browser has been exploited, as their last known attempt (Freedom Hosting) didn't try very hard to cover its tracks.
I'm not too sure about Firefox specifically but I know there were some vulnerabilities in image format handling etc. that could be exploited without JS; this is the most prominent one that comes to mind:
However, to evade detection and frustrate any reverse-engineering attempts, even these sorts of exploits are usually "packaged" in an obfuscated JS wrapper, so they would still require it enabled to work.