Bug#582146: /usr/lib/jvm/java-6-sun-1.6.0.20/jre/lib/i386/libnpjp2.so: browser plugin reporting of system fonts is a privacy leak
Thiemo Nagel
thiemo.nagel at googlemail.com
Thu May 27 08:56:30 UTC 2010
Torsten Werner wrote:
> But a unique user can still be an anonymous user. Did I miss anything?
> Can you read my name, address, sex, birthday, ... from a font list in a
> magic way?
Sure, you're right. I can think of two malicious uses: Either the font
list can be used as a kind of cookie, aggregating information about the
user across different web sites. Or a user may be tricked into
installing a font with a customised name which then may be used to
identify that user anywhere.
Cheers, Thiemo
More information about the pkg-java-maintainers
mailing list