Firefox will no longer load fonts!
I create the occasional website, purely amateur. For some reason Firefox will no longer load fonts. The fonts load just fine on the internet, ie. once the webpage is loaded onto the server, but won't load while I'm editing the webpages on my computer. Stylesheets, scripts, images load with no problem. This just started happening, never had this problem with Firefox before and every other major browser is still loading the fonts just fine (?). I prefer to work with Firefox, but this is an issue.
الحل المُختار
Hi digitatum, Firefox 68 contains a security patch which restricts the kinds of files that pages can load (and methods of loading) when you open them from a file:// URL. This change was made to prevent exfiltration of valuable data within reach of a local page, as demonstrated in an available exploit. More info:
- https://developer.mozilla.org/docs/Web/HTTP/CORS/Errors/CORSRequestNotHttp
- https://www.mozilla.org/security/advisories/mfsa2019-21/#CVE-2019-11730
There will be an exception in Firefox 70 for font files; that might also make it into Firefox 69. For now, through, you could consider rolling back the patch as follows:
(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful or accepting the risk.
(2) In the search box above the list, type or paste uniq and pause while the list is filtered
(3) Double-click the privacy.file_unique_origin preference to switch the value from true to false
To mitigate the vulnerability: If you save pages from untrusted sites in a separate folder, e.g., Downloads\Untrusted, then it would be difficult for an attacker to find any valuable content using local file links.
Read this answer in context 👍 0All Replies (1)
الحل المُختار
Hi digitatum, Firefox 68 contains a security patch which restricts the kinds of files that pages can load (and methods of loading) when you open them from a file:// URL. This change was made to prevent exfiltration of valuable data within reach of a local page, as demonstrated in an available exploit. More info:
- https://developer.mozilla.org/docs/Web/HTTP/CORS/Errors/CORSRequestNotHttp
- https://www.mozilla.org/security/advisories/mfsa2019-21/#CVE-2019-11730
There will be an exception in Firefox 70 for font files; that might also make it into Firefox 69. For now, through, you could consider rolling back the patch as follows:
(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful or accepting the risk.
(2) In the search box above the list, type or paste uniq and pause while the list is filtered
(3) Double-click the privacy.file_unique_origin preference to switch the value from true to false
To mitigate the vulnerability: If you save pages from untrusted sites in a separate folder, e.g., Downloads\Untrusted, then it would be difficult for an attacker to find any valuable content using local file links.