[tbb-dev] MathML disabling in Tor Browser

Arthur D. Edelstein arthuredelstein at gmail.com
Wed Jun 10 16:03:08 UTC 2015


Here's the original:

https://bugzilla.mozilla.org/show_bug.cgi?id=1173199#c12

On Wed, Jun 10, 2015 at 8:57 AM, Arthur D. Edelstein
<arthuredelstein at gmail.com> wrote:
> Frédéric Wang posted the following comment on bugzilla.mozilla.org
> about Tor Browser's disabling of MathML. I'm posting it here in case
> it's useful:
>
>> I'm curious to know what was the reasoning to put MathML in that category [Medium-Low] and whether the Mozilla MathML/Security teams should do something to provide more security guarantees on MathML to Tor people.
>>
>> The "Medium-Low" level seems to only disable features related to executable code (javascript & java) while MathML is essentially a complex rendering of text so it should be treated at the same level as layout, graphics & fonts (e.g. the latest public critical issue I'm aware of is https://www.mozilla.org/en-US/security/advisories/mfsa2014-59/, which is actually really from the "DirectWrite font handling").
>>
>> The iSEC study does not even mention vulnerability of MathML while it says that "the SVG components have been the host of several exploitable bugs in the past several years" and recommends to "disable at the Low or Medium security level"... but your link says it is only disabled in High mode.
>>
>> Also, the iSEC study says it relies on the exploit analysis, but a quick search on https://www.mozilla.org/en-US/security returns far fewer results (two) for MathML than for SVG. And actually a search for "graphite" also returns two crashes too: https://www.mozilla.org/en-US/security/advisories/mfsa2012-64/
>>
>> Finally, the iSEC study seems to take into account the number of websites using a given feature, but MathML does not seem less popular than graphite or svg opentype fonts.

