[tor-bugs] #33430 [Applications/Tor Browser]: Disable downloadable fonts on Safest security level

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Feb 27 03:24:28 UTC 2020


#33430: Disable downloadable fonts on Safest security level
--------------------------------------+------------------------------
 Reporter:  dcent                     |          Owner:  tbb-team
     Type:  defect                    |         Status:  needs_review
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:  TorBrowserTeam202002      |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:  acat                      |        Sponsor:
--------------------------------------+------------------------------

Comment (by dcent):

 Good to see this is being addressed.

 It might be advantageous to determine what Firefox allows as application
 data when parsing urls in CSS. Is it only fonts or are other things that
 can draw to the screen permitted eg. svgs (which are also not permitted in
 Tor), other media etc.

 If so it might be safest to prevent the parsing of "application" data at
 the CSS level?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/33430#comment:10>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list