Re: [tor-bugs] #33430 [Applications/Tor Browser]: Fonts can be injected into a website via CSS (as base64 encoded application)

2020-02-26 Thread Tor Bug Tracker & Wiki 
#33430: Fonts can be injected into a website via CSS (as base64 encoded
application)
--+--
 Reporter:  dcent |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by sysrqb):

 Replying to [comment:3 dcent]:
 > Is anyone at Guardian Project able to follow this up with the NoScript
 developer(s) or direct the NoScript developer(s) over here?

 The Guardian Project is not related to NoScript.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #33430 [Applications/Tor Browser]: Fonts can be injected into a website via CSS (as base64 encoded application)

2020-02-26 Thread Tor Bug Tracker & Wiki 
#33430: Fonts can be injected into a website via CSS (as base64 encoded
application)
--+--
 Reporter:  dcent |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by sysrqb):

 Replying to [comment:2 Yeti]:
 > IMHO malicious fonts can be harmful. I didn't check this behaviour but
 if it's true, this is more a NoScript-issue.

 What is a malicious font?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #33430 [Applications/Tor Browser]: Fonts can be injected into a website via CSS (as base64 encoded application)

2020-02-26 Thread Tor Bug Tracker & Wiki 
#33430: Fonts can be injected into a website via CSS (as base64 encoded
application)
--+--
 Reporter:  dcent |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by Yeti):

 I think you should discuss this better here:
 https://forums.informaction.com/viewforum.php?f=3

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #33430 [Applications/Tor Browser]: Fonts can be injected into a website via CSS (as base64 encoded application)

2020-02-25 Thread Tor Bug Tracker & Wiki 
#33430: Fonts can be injected into a website via CSS (as base64 encoded
application)
--+--
 Reporter:  dcent |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by dcent):

 As issue with NoScript is by extension an issue with Tor Browser.

 It's easy to reproduce as stated in the ticket, but if you have any
 further questions I'd be happy to answer.

 Is anyone at Guardian Project able to follow this up with the NoScript
 developer(s) or direct the NoScript developer(s) over here?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #33430 [Applications/Tor Browser]: Fonts can be injected into a website via CSS (as base64 encoded application)

2020-02-24 Thread Tor Bug Tracker & Wiki 
#33430: Fonts can be injected into a website via CSS (as base64 encoded
application)
--+--
 Reporter:  dcent |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by Yeti):

 IMHO malicious fonts can be harmful. I didn't check this behaviour but if
 it's true, this is more a NoScript-issue.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #33430 [Applications/Tor Browser]: Fonts can be injected into a website via CSS (as base64 encoded application)

2020-02-24 Thread Tor Bug Tracker & Wiki 
#33430: Fonts can be injected into a website via CSS (as base64 encoded
application)
--+--
 Reporter:  dcent |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by Thorin):

 And how exactly is this a fingerprinting (or security) issue?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs