Fonts not displaying correctly in Firefox (macOS 15 Beta) after blocking Suspected Fingerprinters (Mojibake)
Categories
(Core :: Privacy: Anti-Tracking, defect, P3)
Tracking
()
People
(Reporter: patrick_matezewski1, Assigned: fkilic)
References
(Blocks 2 open bugs)
Details
Attachments
(4 files)
|
17.68 KB,
image/png
|
Details | |
|
347.05 KB,
image/png
|
Details | |
|
48 bytes,
text/x-phabricator-request
|
Details | Review | |
|
48 bytes,
text/x-phabricator-request
|
phab-bot
:
approval-mozilla-beta+
dmeehan
:
approval-mozilla-esr128+
|
Details | Review |
@zyxxofficial Follows you.png
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:127.0) Gecko/20100101 Firefox/127.0
Steps to reproduce:
on the X (twitter) website, certain peoples names don't display correctly if they use special characters, and no unicode characters display either. This is on the macOS 15 Beta
Actual results:
It shows a bunch of boxes instead
Expected results:
The words should have displayed properly
|
||
Comment 1•6 months ago
|
||
The Bugbug bot thinks this bug should belong to the 'Core::Widget: Cocoa' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.
|
||
Updated•6 months ago
|
This started happening for me today, for the first time, after upgrading to Sequoia. Interestingly, my Firefox profile is synced to two Sequoia machines and one Sonoma machine, and it is only present on the Sequoia machines. The Sonoma machine displays the fonts properly.
FYI, the fix that worked for me was to disable blocking of Suspected Fingerprinters.
Since updating to macOS 15.0, I’ve had the same problem on several different, unrelated websites.
I tested on two different Macs with Firefox 130.0.1 (arm) installed. Both started having this issue around the time of the Sequoia update.
There seems to be an issue with Unicode characters. For example, here are some "math symbols" in UTF-8 (U+1D5E7 U+1D5D8 U+1D5E6 U+1D5E7): 𝗧𝗘𝗦𝗧
On Safari on the same machine, I see TEST. On Firefox 130.0.1 on Fedora, I see TEST. However, on the same Firefox version on the latest macOS 15.0, it’s only the Unicode notation (U+1D5E7 U+1D5D8 U+1D5E6 U+1D5E7) in squares.
|
||
Comment 6•2 months ago
|
||
Hi, the bug also occurred to me, and turning off Suspected Fingerprinters as @dredd did also fixed it. Ideally, I'd like to keep that setting on, though.
Dennis, please assign someone to look into this and/or assign it to the Privacy: Anti-Tracking component. People keep creating threads about it on Reddit.
|
||
Comment 8•2 months ago
|
||
|
|
||
Updated•2 months ago
|
|
||
Updated•2 months ago
|
|
||
Updated•1 month ago
|
|
|
||
Updated•1 month ago
|
|
||
Comment 9•1 month ago
|
||
Console log:
Layout was forced before the page was fully loaded. If stylesheets are not yet loaded this may cause a flash of unstyled content. markup.js:250:53
Cookie “idclient” has been rejected for invalid domain. account
Cookie warnings 23
Cookie “awat” has been rejected for invalid domain. account
Cookie “aidsp” has been rejected for invalid domain. account
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://appleid.cdn-apple.com/static/bin/cb3432457731/dist/assets/shared-icons.woff. (Reason: CORS header ‘Access-Control-Allow-Origin’ does not match ‘https://appleid.apple.com’).
downloadable font: download failed (font-family: "shared-icons" style:normal weight:400 stretch:100 src index:1): bad URI or cross-site access not allowed source: https://appleid.cdn-apple.com/static/bin/cb3432457731/dist/assets/shared-icons.woff
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://appleid.cdn-apple.com/static/bin/cb3432457731/dist/assets/shared-icons.woff. (Reason: CORS header ‘Access-Control-Allow-Origin’ does not match ‘https://appleid.apple.com’).
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://appleid.cdn-apple.com/static/bin/cb2470739161/dist/assets/shared-icons.eot. (Reason: CORS header ‘Access-Control-Allow-Origin’ does not match ‘https://appleid.apple.com’).
downloadable font: download failed (font-family: "shared-icons" style:normal weight:400 stretch:100 src index:1): bad URI or cross-site access not allowed source: https://appleid.cdn-apple.com/static/bin/cb3432457731/dist/assets/shared-icons.woff
downloadable font: download failed (font-family: "shared-icons" style:normal weight:400 stretch:100 src index:0): bad URI or cross-site access not allowed source: https://appleid.cdn-apple.com/static/bin/cb2470739161/dist/assets/shared-icons.eot
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://appleid.cdn-apple.com/static/bin/cb3537100279/dist/assets/shared-icons.ttf. (Reason: CORS header ‘Access-Control-Allow-Origin’ does not match ‘https://appleid.apple.com’).
downloadable font: download failed (font-family: "shared-icons" style:normal weight:400 stretch:100 src index:2): bad URI or cross-site access not allowed source: https://appleid.cdn-apple.com/static/bin/cb3537100279/dist/assets/shared-icons.ttf
downloadable font: no supported format found (font-family: "shared-icons" style:normal weight:400 stretch:100 src index:4) source: (end of source list)
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://appleid.cdn-apple.com/static/bin/cb3432457731/dist/assets/shared-icons.woff. (Reason: CORS header ‘Access-Control-Allow-Origin’ does not match ‘https://appleid.apple.com’).
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://appleid.cdn-apple.com/static/bin/cb2470739161/dist/assets/shared-icons.eot. (Reason: CORS header ‘Access-Control-Allow-Origin’ does not match ‘https://appleid.apple.com’).
downloadable font: download failed (font-family: "shared-icons" style:normal weight:400 stretch:100 src index:1): bad URI or cross-site access not allowed source: https://appleid.cdn-apple.com/static/bin/cb3432457731/dist/assets/shared-icons.woff
downloadable font: download failed (font-family: "shared-icons" style:normal weight:400 stretch:100 src index:0): bad URI or cross-site access not allowed source: https://appleid.cdn-apple.com/static/bin/cb2470739161/dist/assets/shared-icons.eot
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://appleid.cdn-apple.com/static/bin/cb3537100279/dist/assets/shared-icons.ttf. (Reason: CORS header ‘Access-Control-Allow-Origin’ does not match ‘https://appleid.apple.com’).
downloadable font: download failed (font-family: "shared-icons" style:normal weight:400 stretch:100 src index:2): bad URI or cross-site access not allowed source: https://appleid.cdn-apple.com/static/bin/cb3537100279/dist/assets/shared-icons.ttf
downloadable font: no supported format found (font-family: "shared-icons" style:normal weight:400 stretch:100 src index:4) source: (end of source list)
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://www.apple.com/search-services/suggestions/defaultlinks/?src=globalnav&locale=en_US. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing). Status code: 200.
Cookie “aid” has been rejected for invalid domain. jslog
Cookie “idclient” has been rejected for invalid domain. jslog
Cookie “aid” has been rejected for invalid domain. jslog
Cookie “idclient” has been rejected for invalid domain. jslog
XML Parsing Error: no root element found
Location: https://appleid.apple.com/account/create/land
Line Number 1, Column 1: land:1:1
|
||
Updated•1 month ago
|
|
||
Comment 10•1 month ago
|
||
This is generating a lot of reports on reddit. Tom, are we tracking this?
|
|
||
Updated•1 month ago
|
|
Assignee | |
Comment 11•1 month ago
•
|
||
Apple registration page issue looks like a CORS issue. Chrome also doesn't render those question mark signs properly (also CORS issue). Safari, however, loads it with no problem. I checked http requests, and I think the only difference is, Safari makes the request with no-cors while both chrome and firefox makes it as cors. I'm not sure if this is the reason, but at least the Apple registration page issue is about CORS and not about FPP.
I can reproduce the issues though.
|
|
||
Updated•1 month ago
|
|
|
||
Updated•1 month ago
|
|
|
Assignee | |
Comment 12•1 month ago
|
||
Missing font is Stix Two Math. Adding it to gfx/thebes/StandardFonts-macos.inc fixes the issue. However, I'm not sure about the availability of this font. Apple's documentation is not very clear (see https://support.apple.com/kb/index?page=search&q=Fonts%20included%20with%20macOS&product=&doctype=¤tPage=1&includeArchived=false&locale=en_IN&src=globalnav_support&type=organic). They list STIX Two Math under either Downloadable or Installed or downloadable fonts. So I'm not sure if it comes installed.
We may ship STIX Two Math if it is not present, but I'm not sure how to detect a missing font and install a new font. I'll take a look at it.
|
|
||
Comment 13•1 month ago
•
|
||
Some anecdotal data on the font. It appears to be part of macOS's "supplemental" font list.
On a macOS 12.6 fresh install on a VM, I don't see it installed. But it is listed in Font Book as installable. On the VM, I never previously ran the Font Book app or elected to install any extra fonts.
After upgrading it to macOS 13.7, I see it present at /System/Library/Fonts/Supplemental/STIXTwoMath.otf so it appears to have been installed as part of upgrading to macOS 13. Some articles online say that starting with macOS 13, supplemental fonts are always installed and can't be removed, only deactivated.
If we need a definite answer, we can reach out to our Apple contact.
|
|
Assignee | |
Comment 14•1 month ago
|
||
|
||
Updated•1 month ago
|
|
|
||
Updated•1 month ago
|
|
|
Assignee | |
Comment 15•1 month ago
|
||
(In reply to Haik Aftandilian [:haik] from comment #13)
Some anecdotal data on the font. It appears to be part of macOS's "supplemental" font list.
On a macOS 12.6 fresh install on a VM, I don't see it installed. But it is listed in
Font Bookas installable. On the VM, I never previously ran theFont Bookapp or elected to install any extra fonts.After upgrading it to macOS 13.7, I see it present at
/System/Library/Fonts/Supplemental/STIXTwoMath.otfso it appears to have been installed as part of upgrading to macOS 13. Some articles online say that starting with macOS 13, supplemental fonts are always installed and can't be removed, only deactivated.If we need a definite answer, we can reach out to our Apple contact.
Thank you for this info. :tjr also noted according to this MDN page, "If you are using macOS Ventura (version 13) or higher, then STIX Two Math is already pre-installed and you can skip the steps below."
I wrote a patch based on the major version, so if the version is 13.0.0 or above, we'll enable Stix Two Math
|
||
Comment 16•21 days ago
|
||
|
||
Comment 17•21 days ago
|
||
Backed out for causing mass failures @ ClearOnShutdown.h.
- Backout link
- Push with failures
- Failure Log
- Failure line:
Assertion failure: NS_IsMainThread(), at /builds/worker/workspace/obj-build/dist/include/mozilla/ClearOnShutdown.h:115
|
|
||
Comment 19•20 days ago
|
||
|
||
Updated•20 days ago
|
|
||
Comment 20•19 days ago
|
||
| bugherder | ||
|
|
||
Comment 23•14 days ago
|
||
(In reply to Tom S [:evilpie] from comment #22)
Can we not take this for beta?
It's an S3 bug, not new in 133, and adding new logic.
However, I can review an uplift request if :fkilic/:tjr (patch reviewer) thinks it's low risk and add a beta uplift request.
|
|
Assignee | |
Comment 24•14 days ago
|
||
I don't think we have seen any crashes etc. in nightly so far. There isn't anything that throws error either (in non-debug at least). I think it is a low risk patch, but I'll also ask :tjr
|
||
Comment 25•14 days ago
|
||
I think it is safe to uplift and accelerates the fix. I also think it's probably worth being S2.
|
|
||
Comment 26•14 days ago
|
||
(In reply to Fatih Kilic [:fkilic] from comment #24)
I don't think we have seen any crashes etc. in nightly so far. There isn't anything that throws error either (in non-debug at least). I think it is a low risk patch, but I'll also ask :tjr
(In reply to Tom Ritter [:tjr] from comment #25)
I think it is safe to uplift and accelerates the fix. I also think it's probably worth being S2.
Please attach a beta uplift request and I can review.
You should add an esr128 uplift request also, we would have looked for one after some time in beta/release.
|
|
Assignee | |
Comment 27•14 days ago
|
||
Original Revision: https://phabricator.services.mozilla.com/D226945
|
|
||
Updated•14 days ago
|
|
|
||
Comment 28•14 days ago
|
||
beta Uplift Approval Request
- User impact if declined: Users won't be able to see some characters in ETP Strict on MacOS
- Code covered by automated testing: no
- Fix verified in Nightly: yes
- Needs manual QE test: no
- Steps to reproduce for manual QE testing: On MacOS, enable privacy.fingerprintingProtection, visit https://x.com/milan_milanovic/status/1843261486828777980, check if the first line of code is visible
- Risk associated with taking this patch: I can't think of anything
- Explanation of risk level: N/A
- String changes made/needed: No
- Is Android affected?: yes
|
|
||
Updated•14 days ago
|
|
|
||
Updated•14 days ago
|
|
|
||
Comment 29•14 days ago
|
||
| uplift | ||
|
||
Updated•14 days ago
|
|
||
Updated•13 days ago
|
|
||
Comment 30•12 days ago
|
||
Reproduced the issue on firefox 129.0a1 (2024-06-13) on macOS 15.1 by following the link provided in Comment 28.
The issue is fixed on Firefox 133.0b9 (treeherder build) and Firefox 134.0a1 (2024-11-14) on the same system.
|
||
Updated•11 days ago
|
|
|
||
Comment 31•11 days ago
|
||
Comment on attachment 9437113 [details]
Bug 1902570: Enable "Stix Two Math" on macOS 13 and above. r?tjr
Approved for 128.5esr.
|
|
||
Comment 32•11 days ago
|
||
| uplift | ||
|
||
Comment 33•7 days ago
|
||
This issue has been verified as fixed in the latest ESR build, 128.5.0, on macOS 15. Updating the remaining flags as well.
Description
•