W3C home > Mailing lists > Public > www-font@w3.org > July to September 2009

Re: Fonts and security

From: John Daggett <jdaggett@mozilla.com>
Date: Wed, 29 Jul 2009 14:39:50 -0700 (PDT)
To: John Hudson <tiro@tiro.com>
Cc: www-font@w3.org
Message-ID: <30687028.140641248903590724.JavaMail.root@cm-mail02.mozilla.org>
As with the Chrome team, when the subject of supporting downloadable fonts in Firefox was brought up the primary concern was security.  I've had discussions other developers passionately arguing against this feature for that very reason.  That's why a linked font is used with caution, never affects text outside the page that links to that font and is never installed as a system font, ever.

I'm sure in the future there will be browser attacks where fonts are part of the attack.  That's why it's important for font vendors and authors to *always* report fonts that cause platform crashes of any kind, no matter how obscure, because that might be an exploitable attack vector.  And that includes areas that seem far removed, like complex script handling.  If anything, these areas are more vulnerable because they are more complex and less rigorously tested.  Sometimes it's difficult to get OS vendors to respond because these situations seem like "edge cases" of lower priority but it's the nature of the crash not the obscurity that determines it's potential as an attack vector.

Another thing to point out is that embedded document formats like PDF have the same problem with slightly different ripples.
Received on Wednesday, 29 July 2009 21:40:34 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Saturday, 11 June 2011 00:14:03 GMT