Reply to post: "And this is why I have blocked all fonts for the last fifteen years."

It's April 2018 – and Patch Tuesday shows Windows security is still foiled by fiendish fonts

LDS Silver badge

"And this is why I have blocked all fonts for the last fifteen years."

This is something that should be available directly in browsers, because it's a clear attack vector.

Only approved sites should be able to use custom fonts - untrusted ones should have any custom font replaced with the standard serif/sans serif/monospace one.

Then there's the issue of documents with embedded fonts. Again, these should be flagged, and there should be an option to open them with the font(s) replaced.
