#33430: Disable downloadable fonts on Safest security level --------------------------------------+-------------------------- Reporter: dcent | Owner: tbb-team Type: defect | Status: new Priority: Medium | Milestone: Component: Applications/Tor Browser | Version: Severity: Normal | Resolution: Keywords: TorBrowserTeam202002 | Actual Points: Parent ID: | Points: Reviewer: | Sponsor: --------------------------------------+-------------------------- Changes (by sysrqb):
* keywords: => TorBrowserTeam202002 Comment: Thanks for reporting this. While I was partially joking about a "malicious font", I did take this seriously. This could be a attack vector, so I dug into it a bit and it looks like we can flip `gfx.downloadable_fonts.enabled` on Safest and it will ignore webfonts. -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/33430#comment:7> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online
_______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs