[tor-bugs] #33430 [Applications/Tor Browser]: Fonts can be injected into a website via CSS (as base64 encoded application)

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Feb 25 17:42:40 UTC 2020


#33430: Fonts can be injected into a website via CSS (as base64 encoded
application)
--------------------------------------+--------------------------
 Reporter:  dcent                     |          Owner:  tbb-team
     Type:  defect                    |         Status:  new
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:                            |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+--------------------------

Comment (by dcent):

 As issue with NoScript is by extension an issue with Tor Browser.

 It's easy to reproduce as stated in the ticket, but if you have any
 further questions I'd be happy to answer.

 Is anyone at Guardian Project able to follow this up with the NoScript
 developer(s) or direct the NoScript developer(s) over here?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/33430#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list