Re: [tor-dev] Fwd: Downloadable content: Fonts!
On 2/19/16, Nathan Freitas <nathan@xxxxxxxxxxx> wrote:
> Mozilla is adding some new runtime installation features to reduce the
> size of the mobile Firefox APK. Is this happening at all on desktop? It
> makes me nervous as the "default" config could vary much more greatly,
> not to mention having a new centralized attack channel.
Maybe not so new an attack channel. Have you seen
https://www.mozilla.org/en-US/security/advisories/mfsa2016-14/
http://blog.talosintel.com/2016/02/vulnerability-spotlight-libgraphite.html
"Since Mozilla Firefox versions 11-42 directly support Graphite, the
attacker could easily compromise a server and then serve the specially
crafted font when the user renders a page from the server"
https://blog.torproject.org/blog/tor-browser-552-released
Users on the security level "High" or "Medium-High" were not
affected by the bugs in the Graphite font rendering library.
Regards,
Lee
>
> ----- Original message -----
> From: Sebastian Kaspari <s.kaspari@xxxxxxxxx>
> To: "mobile-firefox-dev" <mobile-firefox-dev@xxxxxxxxxxx>
> Subject: Downloadable content: Fonts!
> Date: Fri, 19 Feb 2016 11:56:42 +0000
>
> Good news, everyone!
>
> Our first step to downloadable content has been enabled in Nightly: This
> means we have now stopped shipping fonts[1] in the APK and instead download
> them at runtime (Bug 1194338 [2]).
>
> With that we reduced the size of the APK by roughly 6.4% (~ 2.7MB) [3].
>
> Without having the fonts downloaded (yet) our users can still browse
> websites but they may look less nice. And in fact, as things go, a bug
> caused just that to happen in Nightly (We don't download any fonts): bug
> 1249354 [4].
> So if websites are currently looking a bit weird on Nightly then that's
> because of that. The bug should be resolved soon and after that let me
> know if you see any new weird issues related to (wrong) fonts. :)
>
> Our plans for the future:
> * Right now we ship the list of fonts and the location to download with
> the application. We want to synchronize this catalog of content from a Kinto
> instance: https://bugzilla.mozilla.org/show_bug.cgi?id=1201059
> * We want to download hyphenation dictionaries at runtime too:
> https://bugzilla.mozilla.org/show_bug.cgi?id=1095719
> * Eventually we might even want to download (some) localization files at
> runtime: https://bugzilla.mozilla.org/show_bug.cgi?id=945123
>
> Best,
> Sebastian
>
> [1] https://www.youtube.com/watch?v=6J2rrFiN1Jw
> [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1194338
> [3] https://twitter.com/Anti_Hype/status/699905577196134400
> [4] https://bugzilla.mozilla.org/show_bug.cgi?id=1249354
> _______________________________________________
> mobile-firefox-dev mailing list
> mobile-firefox-dev@xxxxxxxxxxx
> https://mail.mozilla.org/listinfo/mobile-firefox-dev
> _______________________________________________
> tor-dev mailing list
> tor-dev@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
>