Re: SVG Text elements within glyphs

On Wed, Jan 29, 2014 at 8:36 AM, Sairus Patel <sppatel@adobe.com> wrote:

> My point was that *security-wise*, I don’t see a difference between
> guarding against executing an external font file referenced by a URL vs
> guarding against executing an external font file referenced by a font
> family name. In either case, executing the external file could potentially
> do something bad. (We’ve seen plenty of crashers related to bad fonts, and
> it’s possible for a bad font to be maliciously injected into the OS.)
>

The difference is very large. Sure, it's *possible* for a bad font to be
maliciously injected locally, but that requires the use of a quite severe
exploit already. With such an exploit the attacker might be able to just
replace the browser with something less secure :-).

In practice, Firefox treats local fonts much more leniently than downloaded
fonts.

Rob
-- 
Jtehsauts  tshaei dS,o n" Wohfy  Mdaon  yhoaus  eanuttehrotraiitny  eovni
le atrhtohu gthot sf oirng iyvoeu rs ihnesa.r"t sS?o  Whhei csha iids  teoa
stiheer :p atroa lsyazye,d  'mYaonu,r  "sGients  uapr,e  tfaokreg iyvoeunr,
'm aotr  atnod  sgaoy ,h o'mGee.t"  uTph eann dt hwea lmka'n?  gBoutt  uIp
waanndt  wyeonut  thoo mken.o w

Received on Tuesday, 28 January 2014 19:45:38 UTC