Opened 8 years ago

Closed 8 years ago

Last modified 8 years ago

#8270 closed enhancement (fixed)

Exempt @font-face fonts from font limits; prefer them over local fonts

Reported by: mikeperry Owned by: mikeperry
Priority: High Milestone:
Component: Firefox Patch Issues Version:
Severity: Keywords: tbb-fingerprinting, tbb-usability-website, MikePerry201302
Cc: Actual Points: 15
Parent ID: Points:
Reviewer: Sponsor:


Our font limiting patch currently applies its limits to both local and remote fonts. Before #7937, this was fine, because we blocked remote fonts. However, now that we've decided to lift that block, we should exempt @font-face fonts from our limits, since they don't contribute to fingerprinting. Additionally, if they are present in a font rule that also contains local fonts, they should be used instead of local fonts.

Child Tickets

Change History (3)

comment:1 Changed 8 years ago by mikeperry

Actual Points: 15
Resolution: fixed
Status: newclosed

This change was rolled into Fairly simple change. The bulk of my time was spent wading through CSS rule parsing+evaluating code and trying random things that didn't work (until I arrived at this solution).

comment:2 Changed 8 years ago by gacar


Font-face rules may have local URL's (src/local) and this may be used to load unlimited number of local fonts per document. See demo at:

When I visit above URL with TBB 2.3.25-5 on Ubuntu 12.04 (with default settings) I can see my local fonts loaded (more than 5 of them).

Also, font-face's local/url fallback mechanism may be used to report fonts that are not found on the system. All without JS.

Adding some JS, one can possibly enumerate fonts with width-height ("flippingtypical") detection.

See <uri> at

comment:3 Changed 8 years ago by mikeperry

Thanks for the heads up. We were wondering about something like this in #8455. I updated that bug with your test url.

Note: See TracTickets for help on using tickets.