#33430: Disable downloadable fonts on Safest security level
--------------------------------------+------------------------------
Reporter: dcent | Owner: tbb-team
Type: defect | Status: needs_review
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: TorBrowserTeam202002 | Actual Points:
Parent ID: | Points:
Reviewer: acat | Sponsor:
--------------------------------------+------------------------------
Comment (by dcent):
Good to see this is being addressed.
It might be advantageous to determine what Firefox allows as application
data when parsing urls in CSS. Is it only fonts or are other things that
can draw to the screen permitted eg. svgs (which are also not permitted in
Tor), other media etc.
If so it might be safest to prevent the parsing of "application" data at
the CSS level?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/33430#comment:10>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
[email protected]
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs
