On 2/19/16, Nathan Freitas nathan@freitas.net wrote:
Mozilla is adding some new runtime installation features to reduce the size of the mobile Firefox APK. Is this happening at all on desktop? It makes me nervous as the "default" config could very much more greatly, not to mention having a new centralized attack channel.
Maybe not so new an attack channel. Have you seen https://www.mozilla.org/en-US/security/advisories/mfsa2016-14/
http://blog.talosintel.com/2016/02/vulnerability-spotlight-libgraphite.html "Since Mozilla Firefox versions 11-42 directly support Graphite, the attacker could easily compromise a server and then serve the specially crafted font when the user renders a page from the server "
https://blog.torproject.org/blog/tor-browser-552-released Users on the security level "High" or "Medium-High" were not affected by the bugs in the Graphite font rendering library.
Regards, Lee
----- Original message ----- From: Sebastian Kaspari s.kaspari@gmail.com To: "mobile-firefox-dev" mobile-firefox-dev@mozilla.org Subject: Downloadable content: Fonts! Date: Fri, 19 Feb 2016 11:56:42 +0000
Good news, everyone!
Our first step to downloadable content has been enabled in Nightly: This means we now stopped to ship fonts[1] in the APK and instead download them at runtime (Bug 1194338 [2]).
With that we reduced the size of the APK by roughly 6.4% (~ 2.7MB) [3]. Without having the fonts downloaded (yet) our users can still browse websites but they may look less nice. And in fact, as things go, a bug caused just that to happen in Nightly (We don't download any fonts): bug 1249354 [4]. So if websites are currently looking a bit weird on Nightly then that's because of that. The bug should be resolved soon and after that let me know if you see any new weird issues related to (wrong) fonts. :)
Our plans for the future:
- Right now we ship the list of fonts and the location to download with
the application. We want to synchronize this catalog of content from a Kinto instance: https://bugzilla.mozilla.org/show_bug.cgi?id=1201059
- We want to download hyphenation dictionaries at runtime too:
https://bugzilla.mozilla.org/show_bug.cgi?id=1095719
- Eventually we might even want to download (some) localization files at
runtime: https://bugzilla.mozilla.org/show_bug.cgi?id=945123
Best, Sebastian
[1] https://www.youtube.com/watch?v=6J2rrFiN1Jw [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1194338 [3] https://twitter.com/Anti_Hype/status/699905577196134400 [4] https://bugzilla.mozilla.org/show_bug.cgi?id=1249354 _______________________________________________ mobile-firefox-dev mailing list mobile-firefox-dev@mozilla.org https://mail.mozilla.org/listinfo/mobile-firefox-dev _______________________________________________ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev