[tbb-bugs] #33430 [Applications/Tor Browser]: Disable downloadable fonts on Safest security level

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Feb 27 04:49:21 UTC 2020


#33430: Disable downloadable fonts on Safest security level
--------------------------------------+------------------------------
 Reporter:  dcent                     |          Owner:  tbb-team
     Type:  defect                    |         Status:  needs_review
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:  TorBrowserTeam202002      |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:  acat                      |        Sponsor:
--------------------------------------+------------------------------

Comment (by Thorin):

 I don't necessarily agree with this approach. At some stage safest is
 going to become practically useless. Downloadable fonts are often used for
 glyphs/icons (although it's only visual and usually users can intuitively
 tell what the tofu means). This is not something obscure like graphite.

 > What is a malicious font?

 sysrqb: you kinda jested, but I'm asking in earnest. Can you point me at
 any documentation?

 > it might be safest to prevent the parsing of "application" data at the
 > CSS level

 This seems like the better approach (and to confirm no other types can be
 downloaded via this method and exploited). Can a downloadable font used by
 this method do anything more than one that isn't?

 I'm not an expert on data URIs, but my understanding is that security
 threats from this are (probably) already mitigated by Mozilla upstream -
 so I'm seriously asking why this needs to be done, or at least some
 discussion / clarity around it.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/33430#comment:11>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online