Verified Commit e9f23088 authored by Pier Angelo Vendrame's avatar Pier Angelo Vendrame 🎃

Bug 41116: Normalize system fonts.

System fonts are an enormous fingerprinting vector.
Even with font allow lists and with our custom configuration on Linux,
which counter metrics measurements, getComputedStyle leaks several
details.
This patch counters both these kinds of attacks.
parent 4139872a
+8 −0
@@ -1933,6 +1933,14 @@ static void GetSystemUIFontFamilies([[maybe_unused]] nsAtom* aLangGroup,
  nsFont systemFont;
  gfxFontStyle fontStyle;
  nsAutoString systemFontName;
  if (nsContentUtils::ShouldResistFingerprinting()) {
#ifdef XP_MACOSX
    *aFamilies.AppendElement() = "-apple-system"_ns;
#else
    *aFamilies.AppendElement() = "sans-serif"_ns;
#endif
    return;
  }
  if (!LookAndFeel::GetFont(StyleSystemFont::Menu, systemFontName, fontStyle)) {
    return;
  }
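Review bot: The new guard in `GetSystemUIFontFamilies` uses the process-wide `nsContentUtils::ShouldResistFingerprinting()`, while `nsLayoutUtils::ComputeSystemFont` in this same commit asks `aDocument->ShouldResistFingerprinting()`. If those two checks can disagree for a given document, the `system-ui` family and the computed system fonts would be normalized under different conditions, and a page could compare the two. The hunk shows only the first parameter, so I cannot tell whether a document or pres context is reachable here; if it is, the per-document check would keep both paths consistent. Either way the block deserves a comment stating the intent, for example `// RFP: never query LookAndFeel here; expose one fixed family per platform.`. The function body continues past the end of the hunk.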
+41 −1
@@ -9683,7 +9683,47 @@ void nsLayoutUtils::ComputeSystemFont(nsFont* aSystemFont,
                                      const Document* aDocument) {
  gfxFontStyle fontStyle;
  nsAutoString systemFontName;
  if (!LookAndFeel::GetFont(aFontID, systemFontName, fontStyle)) {
  if (aDocument->ShouldResistFingerprinting()) {
#if defined(XP_MACOSX)
    systemFontName = u"-apple-system"_ns;
    // Values taken from a macOS 10.15 system.
    switch (aFontID) {
      case LookAndFeel::FontID::Caption:
      case LookAndFeel::FontID::Menu:
        fontStyle.size = 13;
        break;
      case LookAndFeel::FontID::SmallCaption:
        fontStyle.weight = gfxFontStyle::FontWeight(700);
        // fall-through
      case LookAndFeel::FontID::MessageBox:
      case LookAndFeel::FontID::StatusBar:
        fontStyle.size = 11;
        break;
      default:
        fontStyle.size = 12;
        break;
    }
#elif defined(XP_WIN) || defined(MOZ_WIDGET_ANDROID)
    // Windows uses Segoe UI for Latin alphabets, but other fonts for some RTL
    // languages, so we fallback to sans-serif to fall back to the user's
    // default sans-serif. Size is 12px for all system fonts (tried in an en-US
    // system).
    // Several Android systems reported Roboto 12px, so similar to what Windows
    // does.
    systemFontName = u"sans-serif"_ns;
    fontStyle.size = 12;
#else
    // On Linux, there is not a default. For example, GNOME on Debian uses
    // Cantarell, 14.667px. Ubuntu Mate uses the Ubuntu font, but also 14.667px.
    // Fedora with KDE uses Noto Sans, 13.3333px, but it uses Noto Sans on
    // GNOME, too.
    // In general, Linux uses some sans-serif, but its size can vary between
    // 12px and 16px. We chose 15px because it is what Firefox is doing for the
    // UI font-size.
    systemFontName = u"sans-serif"_ns;
    fontStyle.size = 15;
#endif
  } else if (!LookAndFeel::GetFont(aFontID, systemFontName, fontStyle)) {
    return;
  }
  systemFontName.Trim("\"'");
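Review bot: The `// fall-through` comment after `fontStyle.weight = gfxFontStyle::FontWeight(700);` in the `SmallCaption` case is not something clang's `-Wimplicit-fallthrough` recognizes; since the other file in this commit already uses a C++17 attribute (`[[maybe_unused]]`), `[[fallthrough]];` would make the intent compiler-checked. Separately, `aDocument` is now dereferenced as the first step of the function, and the hunk does not show whether callers can pass null. If that is an invariant, `MOZ_ASSERT(aDocument);` before the check would document it. Silently skipping the branch on null would fall through to `LookAndFeel::GetFont` and expose the real system font, so an assertion is preferable to a null test. In the resist-fingerprinting branch only `size` (and `weight` for one macOS case) are assigned, so the remaining `fontStyle` fields depend on `gfxFontStyle`'s default constructor; a one-line comment saying that is intentional would help. The function continues beyond the hunk.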