default font seems seems to leak system locale information
I recently changed the default system locale on my GNU Linux system, and I noticed that afterwards the default font used on web pages in Tor Browser had changed (I didn't change the version/language of Tor Browser).
I suppose that this means that an attacker can guess a user's locale based on the font used to display a page.