[tor-users] FONT at domain.net dangerous ? NoScript
Sean Lynch
seanl at literati.org
Wed Sep 6 22:31:11 UTC 2017

I would not assume Linux is safe. Font engines are complex beasts, giving
security bugs plenty of places to hide. Freetype has had 22 vulnerabilities
discovered since 2009 that could have been used to execute code, and
Graphite, Firefox's current font rendering engine, has also had its share.
In fact, as recently as April, Firefox had BOTH a remote execution font
rendering bug *and* a sandbox escape bug that perhaps could have been
combined to enable executing arbitrary code outside the sandbox.

On Wed, Sep 6, 2017 at 2:30 PM Petrusko <petrusko at riseup.net> wrote:
> Buh! Thx Andre for your answer and the link :)
> Very interesting, but hard to understand for a novice. So I can see it's
> only a Windows problem if I'm not wrong.
> So on a Linux machine there's no (not known) risk to enable @Font ...
>
> Thx! ;)
>
>
> Andre Mankel :
> > Downloading fonts may be dangerous although the chances are rather
> > low. But as always, this is subject to many circumstances.
> >
> >
> > https://threatpost.com/of-truetype-font-vulnerabilities-and-the-windows-kernel/101263/
> >
> > Best wishes
> > Andre
>
> --
> Petrusko
> C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5