[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] Re: #1328 [Tor-Torbutton]: Add option to block remote fonts

To: undisclosed-recipients:;
Subject: [tor-bugs] Re: #1328 [Tor-Torbutton]: Add option to block remote fonts
From: "Tor Bug Tracker & Wiki" <torproject-admin@xxxxxxxxxxxxxx>
Date: Thu, 27 May 2010 06:55:47 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivered-to: tor-bugs-outgoing@xxxxxxxx
Delivered-to: tor-bugs@xxxxxxxxxxxxxx
Delivery-date: Thu, 27 May 2010 02:55:53 -0400
In-reply-to: <049.2d524f28cd1464e7eeafb6dc5d779bbc@xxxxxxxxxxxxxx>
References: <049.2d524f28cd1464e7eeafb6dc5d779bbc@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: owner-tor-bugs@xxxxxxxxxxxxxx

#1328: Add option to block remote fonts
-----------------------+----------------------------------------------------
 Reporter:  mikeperry  |         Type:  enhancement  
   Status:  closed     |     Priority:  minor        
Milestone:             |    Component:  Tor-Torbutton
  Version:  1.2.4      |   Resolution:  wontfix      
 Keywords:             |  
-----------------------+----------------------------------------------------
Changes (by mikeperry):

  * status:  new => closed
  * resolution:  None => wontfix


Old description:

> Firefox 3.6.1 recently fell prey to a remote font exploit. In firefox
> 3.5, the browser began accepting fonts
> remotely from websites. The problem is that the truetype font engine is
> ancient code - code rewritten
> from pascal into non-reentrant C, and then rewritten again into reentrant
> C. This code is extremely cryptic
> and hard to maintain and review, and probably wasn't written with the
> threat model of unsafe and malicious
> remote input in mind. It's a security nightmare waiting to rain down more
> vulnerabilities like this.
>
> My personal feeling is that this means we should ship with NoScript in a
> good default configuration for
> Tor Browser Bundle. However, I would be willing to accept patches to our
> nsIContentPolicy to optionally
> block remote fonts as an alternative.
>
> [Automatically added by flyspray2trac: Operating System: All]

New description:

 Firefox 3.6.1 recently fell prey to a remote font exploit. In firefox 3.5,
 the browser began accepting fonts
 remotely from websites. The problem is that the truetype font engine is
 ancient code - code rewritten
 from pascal into non-reentrant C, and then rewritten again into reentrant
 C. This code is extremely cryptic
 and hard to maintain and review, and probably wasn't written with the
 threat model of unsafe and malicious
 remote input in mind. It's a security nightmare waiting to rain down more
 vulnerabilities like this.

 My personal feeling is that this means we should ship with NoScript in a
 good default configuration for
 Tor Browser Bundle. However, I would be willing to accept patches to our
 nsIContentPolicy to optionally
 block remote fonts as an alternative.

 [Automatically added by flyspray2trac: Operating System: All]

--

Comment:

 Closing this. We should rely on NoScript.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/1328#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

Prev by Author: [tor-bugs] Re: #1261 [Tor-Torbutton]: Typing cadence
Next by Author: [tor-bugs] Re: #1334 [Tor-Torbutton]: Split update option into 3 prefs
Previous by thread: [tor-bugs] Re: #1261 [Tor-Torbutton]: Typing cadence
Next by thread: [tor-bugs] Re: #1334 [Tor-Torbutton]: Split update option into 3 prefs
Index(es):
- Author
- Thread