Add option to block remote fonts
Firefox 3.6.1 recently fell prey to a remote font exploit. In firefox 3.5, the browser began accepting fonts remotely from websites. The problem is that the truetype font engine is ancient code - code rewritten from pascal into non-reentrant C, and then rewritten again into reentrant C. This code is extremely cryptic and hard to maintain and review, and probably wasn't written with the threat model of unsafe and malicious remote input in mind. It's a security nightmare waiting to rain down more vulnerabilities like this.
My personal feeling is that this means we should ship with NoScript in a good default configuration for Tor Browser Bundle. However, I would be willing to accept patches to our nsIContentPolicy to optionally block remote fonts as an alternative.
[Automatically added by flyspray2trac: Operating System: All]