[tbb-bugs] #33430 [Applications/Tor Browser]: Disable downloadable fonts on Safest security level
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Feb 27 03:24:28 UTC 2020
#33430: Disable downloadable fonts on Safest security level
--------------------------------------+------------------------------
Reporter: dcent | Owner: tbb-team
Type: defect | Status: needs_review
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: TorBrowserTeam202002 | Actual Points:
Parent ID: | Points:
Reviewer: acat | Sponsor:
--------------------------------------+------------------------------
Comment (by dcent):
Good to see this is being addressed.
It might be advantageous to determine what Firefox allows as application
data when parsing urls in CSS. Is it only fonts or are other things that
can draw to the screen permitted eg. svgs (which are also not permitted in
Tor), other media etc.
If so it might be safest to prevent the parsing of "application" data at
the CSS level?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/33430#comment:10>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list