The exploit causes browser to crash in many (but not all) cases so if it was around for a while it would have probably been noticed when people reported browser crashes. No proof it was the only exploit, but we then must wonder why would the FBI use other exploits ? If they have a zero day exploit they used as well to get the patched users, why even bother to put an old exploit up as well, as the zero day would be all that is needed to target all users. The exploit was identified shortly after the down for maintenance messages started, nobody knows for certain when they were originally put there but unless they put them there before they arrested the person who seems to be FH admin, we have a definite maximum period of time they could have been there. The only thing that comes to mind is that perhaps the FBI put an obvious exploit on the site to make it be identified and make people with newer patched versions etc less paranoid so that they don't delete their caches of CP and have evidence available when FBI raids them. But if the FBI did this it would mean they think most users were on the patched version, as they would then induce people with unpatched versions to delete any evidence in order to get users with patched version to feel safe in not doing so. If I had to guess my guess would be that the exploit was not there for very long, and that there was only one used, but it is all speculation. When the FBI busted pedoforum hidden service they left some exploit up for two weeks I think, and then after this was revealed they were harshly criticized for allowed child porn to keep trading. From this I can assume two things, either the FBI did the same thing to freedom hosting and the exploit was around for about two weeks, or the FBI didn't want more backlash for letting the biggest CP networks in the world continue trading CP for two weeks, so they went with the maintenance message instead but then had their exploit discovered and fucked off.