
#1 2017-05-01 23:49:57

teika
Member
From: Japan
Registered: 2011-05-23
Posts: 45

[Almost solved] Freetype's vulnerability vs Webfont?

EDIT:
The conclusion is: disable Webfont in your browser.

Firefox and Chromium depend on freetype. Recently, not a few vulnerabilities were found in freetype. (They've already been fixed in the source repository, but a release has not yet been made, as of today, 4 May.) So Webfont may be harmful.

Disclaimer: This reasoning is rough. No guarantee for correctness.

The original message:
Recently there were vulnerabilities in freetype, e.g. this and this. (In Gentoo, they are not fixed yet.) Does it mean you have to disable webfonts to be safe? (You can disable browsers' webfonts with the NoScript extension.)

Regards.

Last edited by teika (2017-05-04 12:07:55)


Easy Shift / Ctrl / AltGr ... hack; save your pinkies, type without drudgery.
YYYY-MM-DD, period. (Have you ever used the Internet?)


#2 2017-05-02 13:49:15

Lone_Wolf
Member
From: Netherlands, Europe
Registered: 2005-10-04
Posts: 10,398

Re: [Almost solved] Freetype's vulnerability vs Webfont?

Only two of them appear to be valid for Arch Linux: https://security.archlinux.org/

For me personally, NoScript is the first extension I install in Firefox, and it has blocked webfonts on my systems since a few days after NoScript got that option.
(allowing webfonts made websites LESS readable for me).

Given the description, people without NoScript should consider switching to -git versions of freetype.


Disliking systemd intensely, but not satisfied with alternatives so focusing on taming systemd.


(A works at time B)  && (time C > time B ) ≠  (A works at time C)
