Firefox 50: Web Font Rendering Issue

[Spaceman Spiff]

With Firefox 50 running sandboxed, some font glyphs are not rendered correctly.
They are replaced by a square placeholder.

Examples:
https://www.mozilla.org/en-US/firefox/5 ... easenotes/
https://www.qwant.com

See attached screenshots.

When FFX 50 runs unsandboxed, the font glyphs are rendered correctly (!)

Please note that the "Untrusted Font Blocking" system mitigation is enabled (a new Windows 10 feature, see screenshot #3).
If this mitigation is disabled, the problem disappears (i.e. the glyphs are are always rendered
correctly, regardless of FFX running sandboxed or not).

Best regards
Spaceman Spiff

System Specs:
Sandboxie 5.14 (64 Bit)
Firefox 50.0 (64 Bit)
Windows 10 Anniversary Update 1607, fully patched (64 Bit)

[Barb@Invincea]

Hello Spaceman Spiff,

I just updated FF to v50 and I am not seeing this problem (I am using the same settings except that I have SBIE 5.15.4 (http://forums.sandboxie.com/phpBB3/view ... 59&t=23535) )
I also updated it on a Win 7 machine (just to test) running Sbie 5.14 and I do not see the issue either.

Can you try a different sandbox to test (or maybe delete the contents and try again) ?

Regards.

[Spaceman Spiff]

First of all, thanks for the quick reply.

I just updated to SBIE 5.15.4 (so that we are on the same page). No change.

Just to be clear: Have you enabled the above mentioned Win 10 "Block Untrusted Fonts" mitigation?
(In can be enabled in the Group Policy Editor [Computer Config --> Admin. Templates --> System --> Mitigation Options], see screenshot #3).

Without that mitigation option the issue does not occur!

I added that info to my post a bit later after playing around with that particular mitigation option [disabling it]
because I figured it might be connected to that.

So perhaps you read an earlier version of the post ?

Additional Info #1: NO web fonts are rendered correctly, If I visit https://fonts.google.com , none of the web fonts are displayed in
a sandboxed Firefox, whereas they display correctly in an unsandboxed FFX. (Untrusted Font Blocking enabled in both cases of course)

Additional Info #2: I just tried a sandboxed (portable) Firefox 49.0.2 for comparison, with that version the web font rendering
does work as expected. So this is indeed a new issue.

All the best
Spaceman Spiff

[Barb@Invincea]

Alright, to clarify... When you select Untrusted Fonts, Firefox does not display certain fonts when Sandboxed [but it works fine outside of it]. Is this correct?

I have enabled "Untrusted Fonts Blocking", but I am still unable to repro the issue on Win 10 Pro x64. If you could provide more information as to how are you enabling this feature, that would be great.

Also, here's one thing to test: http://www.ghacks.net/2016/02/05/block- ... indows-10/ (check the exceptions part and see if that helps).

Regards.

[Spaceman Spiff]

Alright, to clarify... When you select Untrusted Fonts, Firefox does not display certain fonts when Sandboxed [but it works fine outside of it]. Is this correct?

Exactly

I have enabled "Untrusted Fonts Blocking", but I am still unable to repro the issue on Win 10 Pro x64. If you could provide more information as to how are you enabling this feature, that would be great.

I enabled it via local Group Policy (see screenshot in the first post), but that shouldn't be of particular interest as setting the group policy
directly modifies exactly the same registry key that is mentioned in the gHacks article that you linked to. I attached a screenshot of the key I'm talking about.


But I did some more digging around and am zeroing in on the problem:

It only occurs if all of the following conditions are met:

a) Untrusted Font Blockig is enabled (as discussed above)
b) Firefox.exe is FORCED to run sandboxed (Sandboxie Settings-->Program Start--->Forced Programs: "firefox.exe")

If Firefox is started via Sandboxie's "Run Sandboxed..." command the web fonts display 100% correctly

So, could you please perhaps try to reproduce the problem by FORCING firefox.exe to run sandboxed ?


Thanks for your time and effort.
All the best,

Spaceman Spiff

[Barb@Invincea]

Spaceman Spiff,

After some testing, what we are seeing is that once Untrusted Fonts is Enabled, both Host and SBIE Firefox will stop displaying the fonts.
It does not seem to be happening for Sandboxie only. Can you please restart your machine (if you haven't already) and let us know if the problem still occurs on Sandboxed Firefox only?

Also, just to compare, do you have any special fonts installed in your %windir%/Fonts folder? (Or any specific fonts settings in Firefox? )

Thanks!

[Spaceman Spiff]

After some testing, what we are seeing is that once Untrusted Fonts is Enabled, both Host and SBIE Firefox will stop displaying the fonts.
It does not seem to be happening for Sandboxie only.

Hmm, sorry if I sound ignorant, but could you please elaborate what you mean by that ? What do you mean by "host" ?

I was talking about web fonts that are not displayed inside Firefox. Examples: http://fonts.google.com , http://http://fontawesome.io

I did not try any other applications. Those fonts are of course not installed locally. They are downloaded by FFX when displaying
a page that requires the fonts. I am not sure about how this works in detail.

And now for the interesting bit:

One would suppose that once "Untrusted Font Blocking" is enabled, none of these fonts would ever be displayed. After all, these are all "foreign"
(i.e. non-locally installed) fonts. But in Firefox, they have always been displayed properly before for me (in spite of the mitigation option "Block Untrusted Fonts"
being enabled). I have had this mitigation option enabled for at least 6 months now. No trouble before as far as FFX is concerned.

The only thing that's new for me is that they suddenly are no longer displayed if FFX 50.0 is FORCED into a sandbox.

--> FFX older than 50.0=always OK
--> Not FORCING FFX 50.0 into a sandbox, but starting it via "Run sandboxed" command ...=OK!
--> Unsandboxed FFX 50.0=also OK!)

Right now, I've switched to a sandboxed FFX that is "manually" launched with the "Run sandboxed..." command and all
web fonts display correctly. The mitigation is still enabled (of course).

Maybe FFX uses a different way of displaying the fonts. I.e. not relying on the age-old (and thus portenially risky) windows TTF/GDI+/whatever
font rendering routines that the "Untrusted Font Blocking" mitigation is supposed to well, mitigate . And maybe that way has changed in v50.0...
I'm at a loss here...

Can you please restart your machine (if you haven't already) and let us know if the problem still occurs on Sandboxed Firefox only?

I restarted my computer plenty of times (really!) within the last 48 hours, I don't think its related to that. Of course, after enabling or disabling the mitigation
the OS has to be restarted for the option to take effect.

The reason for Microsoft to add this option to Windows 10 is that font rendering relies on some arcane/convoluted legacy code and nobody knows what
hidden evils (i.e. security holes) lurk beneath the surface of that code

Also, just to compare, do you have any special fonts installed in your %windir%/Fonts folder? (Or any specific fonts settings in Firefox? )

Windows Font Folder: No special/additional fonts whatsoever except those installed by LibreOffice (Liberation fonts). I used to care about installing fancy TTF fonts
about 10 years ago, but not anymore. Special font settings in FFX: none

All the best,
Spaceman Spiff

[Barb@Invincea]

Spaceman Spiff,

What I meant was if the issue also happens while not-sandboxed.

I tested this with both FF 32 bits and 64bits and the behavior is the same, it doesn't matter whether Firefoxt is sandboxed or not, if Untrusted Fonts policy is enabled, some icons/fonts do not load. I just wanted to confirm this behavior on your machine as well.

I have noticed a new folder in the Firefox installation that contains the Emoji Fonts. It seems that Firefox is trying to pull fonts from there first, thus "possibly" causing this issue. /Still looking into it (however, as stated before, this is looking more like a Firefox issue rather than a Sandboxie one).

Regards.

[Spaceman Spiff]

What I meant was if the issue also happens while not-sandboxed.

I tested this with both FF 32 bits and 64bits and the behavior is the same, it doesn't matter whether Firefoxt is sandboxed or not, if Untrusted Fonts policy is enabled, some icons/fonts do not load. I just wanted to confirm this behavior on your machine as well. Regards.

Thanks for the clarification.

For me the issue only occurs when FORCING Firefox 50.0 to run in a sandbox. Running an unsandboxed FFX, or using the SBIEs "Run sandboxed..." command,
the web fonts on fonts.google.com , fontawesome.io , and qwant.com all display correctly...

Again, I'm at a loss here, but what I find interesting is that forcing firefox.exe to run sandboxed via SBIE settings produces different results that using the "Run sandboxed ..."
command and then choosing firefox.exe manually. Very strange indeed...

[Barb@Invincea]

Spaceman Spiff,

Forcing a program, or using right-click --> Run Sandboxed should not trigger different behaviors. Do you have any modifications made to your .ini file?
You may want to try to reinstall Firefox and see what happens, it seems strange that the policy only "works" inside the Sandbox for you (for me , as soon as I activate it, those fonts stop working both inside and outside Sbie).

Regards.

[Spaceman Spiff]

First of all, let me thank you again for your effort and patience

Spaceman Spiff,
Forcing a program, or using right-click --> Run Sandboxed should not trigger different behaviors. Do you have any modifications made to your .ini file?

Yeah, I figured that it should not make a difference. However, this is exactly what I'm seeing (behaviour as described above).
I have made no manual modifications to the ini file.

You may want to try to reinstall Firefox and see what happens,

Well, I tried using a brand new (released today) FFX 50.0 PORTABLE. The behaviour is the same:

- No sandbox: fonts OK
- Manually start FFX sandboxed (via shortcut): fonts OK
- Firefox.exe forced into a sandbox: fonts not OK

it seems strange that the policy only "works" inside the Sandbox for you (for me , as soon as I activate it, those fonts stop working both inside and outside Sbie).

This is indeed very strange. I tried enabling the policy on another Win 10 Pro computer today (via GPO).
The web fonts did display correctly in Firefox on that machine as well.
(Note: Sandboxie wasn't installed on that computer, so I didn't test FFX sandboxed).

Anyway,

for now I have settled with launching FFX via a shortcut icon as this way the fonts display OK.
I can live with that workaround

Thanks,
Spaceman Spiff

[Spaceman Spiff]

Just an update after doing more research:

I have disabled the untrusted font system mitigation for now. Consequently, all web fonts are displayed properly now.
So this update is not about the original issue.


But there seem to be general font rendering issues when FFX 50 is run sandboxed.
Even though all web fonts are now displayed, fonts in general don't seem to be antialiased properly.
They seem a bit jagged, similar to when fonts are rendered without cleartype.

This definitely seems to be connected to the new Firefox "E10S / Electrolysis" multiprocess architecture.

When FFX multiprocess is disabled (browser.tabs.remote.autostart=FALSE), all fonts are always rendered and antialiased properly (i.e. regardless of FFX being sandboxed or not).
When FFX multiprocess is enabled, fonts are only antialiased properly if FFX is run unsandboxed. In a sandbox, the fonts are not antialiased nicely.

I just thought that this bit of information might of some use. I know that Sandboxie is not 100% compatible with FFX multiprocess yet,
so the info that there might be some font-related issues when FFX multiprocess and SBIE are combined might be helpful for the near future

All the best,
Spaceman Spiff

PS: I have got a hunch:

I know that the "old-style" GDI+ font rendering & antialiasing looks worse that the "new-style" Direct2D/DirectWrite font rendering & antialiasing.
I have a feeling that the above mentioned issue has something to do with a sandboxed FFX (with multiprocess enabled) falling back to the worse-looking GDI+ rendering.

That might also explain the original "untrusted fonts mitigation issue". AFAIK, the mitigation only prevents the GDI+ subsystem from loading
untrusted fonts. So if FFX falls back to GDI+, no untrusted web fonts are shown (and, on top of that, the fonts look worse). If multiprocess is disabled
or FFX is run unsandboxed, A newer font rendering mechanism (Direct2D/DirectWrite) is used, which provides much crisper fonts and to which the
untrusted font mitigation does not apply.

Attachment: 2 Screenshots, 300% Zoom level in firefox, showing the nice antialiasing and the worse antialiasing