Font characters are missing or replaced with images in "Strict" ETP mode
Categories
(Core :: Privacy: Anti-Tracking, defect, P3)
Tracking
()
People
(Reporter: joshas, Unassigned)
References
(Blocks 1 open bug)
Details
Attachments
(1 file)
15.94 KB,
image/png
|
Details |
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0
Steps to reproduce:
Visit a website with "Enhanced Tracking Protection" set to "Strict". Here's an example: https://jsfiddle.net/4Lrdkc91/
Actual results:
Following, and probably many other Unicode characters are displayed incorrectly. E.g.
U+2714 ✔ Heavy Check Mark - displayed as icon (emoji?)
U+2718 ✘ Heavy Ballot X - displayed as box with 2718 inside
U+276F ❯ Heavy Right-Pointing Angle Quotation Mark Ornament - displayed as box with 276F inside
Expected results:
Looks like blocking "fingerprinters" causes this issue. It was working correctly in previous version of Firefox, so one might assume that some improvements were made here, that resulted in such defect.
It would be interesting to hear explanation, why and how disabling some unicode characters helps to prevent fingerprinting. Also, maybe there is some way to work around incorrectly rendered characters, by using some "default" font, that won't hint any malicious actors what font was actually used?
Comment 1•7 months ago
|
||
The Bugbug bot thinks this bug should belong to the 'Core::Privacy: Anti-Tracking' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.
Comment 2•7 months ago
|
||
The font fingerprinting protection causes this. We only allow system and language pack fonts for sites in ETP strict and private browsing mode to prevent websites from using font fingerprinting to track users.
Description
•