Firefox 50: Web Font Rendering Issue
Moderator: Barb@Invincea
-
- Posts: 33
- Joined: Sat Aug 08, 2015 4:20 pm
Firefox 50: Web Font Rendering Issue
With Firefox 50 running sandboxed, some font glyphs are not rendered correctly.
They are replaced by a square placeholder.
Examples:
https://www.mozilla.org/en-US/firefox/5 ... easenotes/
https://www.qwant.com
See attached screenshots.
When FFX 50 runs unsandboxed, the font glyphs are rendered correctly (!)
Please note that the "Untrusted Font Blocking" system mitigation is enabled (a new Windows 10 feature, see screenshot #3).
If this mitigation is disabled, the problem disappears (i.e. the glyphs are are always rendered
correctly, regardless of FFX running sandboxed or not).
Best regards
Spaceman Spiff
System Specs:
Sandboxie 5.14 (64 Bit)
Firefox 50.0 (64 Bit)
Windows 10 Anniversary Update 1607, fully patched (64 Bit)
They are replaced by a square placeholder.
Examples:
https://www.mozilla.org/en-US/firefox/5 ... easenotes/
https://www.qwant.com
See attached screenshots.
When FFX 50 runs unsandboxed, the font glyphs are rendered correctly (!)
Please note that the "Untrusted Font Blocking" system mitigation is enabled (a new Windows 10 feature, see screenshot #3).
If this mitigation is disabled, the problem disappears (i.e. the glyphs are are always rendered
correctly, regardless of FFX running sandboxed or not).
Best regards
Spaceman Spiff
System Specs:
Sandboxie 5.14 (64 Bit)
Firefox 50.0 (64 Bit)
Windows 10 Anniversary Update 1607, fully patched (64 Bit)
- Attachments
-
- Capture 3.png (31.15 KiB) Viewed 1627 times
-
- Capture 2.png (31.04 KiB) Viewed 1631 times
-
- Capture.png (64.24 KiB) Viewed 1631 times
Last edited by Spaceman Spiff on Tue Nov 15, 2016 5:06 pm, edited 2 times in total.
-
- Sandboxie Support
- Posts: 2337
- Joined: Mon Nov 07, 2016 3:10 pm
Re: Firefox 50: Font Glyph Rendering Issue
Hello Spaceman Spiff,
I just updated FF to v50 and I am not seeing this problem (I am using the same settings except that I have SBIE 5.15.4 (http://forums.sandboxie.com/phpBB3/view ... 59&t=23535) )
I also updated it on a Win 7 machine (just to test) running Sbie 5.14 and I do not see the issue either.
Can you try a different sandbox to test (or maybe delete the contents and try again) ?
Regards.
I just updated FF to v50 and I am not seeing this problem (I am using the same settings except that I have SBIE 5.15.4 (http://forums.sandboxie.com/phpBB3/view ... 59&t=23535) )
I also updated it on a Win 7 machine (just to test) running Sbie 5.14 and I do not see the issue either.
Can you try a different sandbox to test (or maybe delete the contents and try again) ?
Regards.
-
- Posts: 33
- Joined: Sat Aug 08, 2015 4:20 pm
Re: Firefox 50: Font Glyph Rendering Issue
First of all, thanks for the quick reply.
I just updated to SBIE 5.15.4 (so that we are on the same page). No change.
Just to be clear: Have you enabled the above mentioned Win 10 "Block Untrusted Fonts" mitigation?
(In can be enabled in the Group Policy Editor [Computer Config --> Admin. Templates --> System --> Mitigation Options], see screenshot #3).
Without that mitigation option the issue does not occur!
I added that info to my post a bit later after playing around with that particular mitigation option [disabling it]
because I figured it might be connected to that.
So perhaps you read an earlier version of the post ?
Additional Info #1: NO web fonts are rendered correctly, If I visit https://fonts.google.com , none of the web fonts are displayed in
a sandboxed Firefox, whereas they display correctly in an unsandboxed FFX. (Untrusted Font Blocking enabled in both cases of course)
Additional Info #2: I just tried a sandboxed (portable) Firefox 49.0.2 for comparison, with that version the web font rendering
does work as expected. So this is indeed a new issue.
All the best
Spaceman Spiff
I just updated to SBIE 5.15.4 (so that we are on the same page). No change.
Just to be clear: Have you enabled the above mentioned Win 10 "Block Untrusted Fonts" mitigation?
(In can be enabled in the Group Policy Editor [Computer Config --> Admin. Templates --> System --> Mitigation Options], see screenshot #3).
Without that mitigation option the issue does not occur!
I added that info to my post a bit later after playing around with that particular mitigation option [disabling it]
because I figured it might be connected to that.
So perhaps you read an earlier version of the post ?
Additional Info #1: NO web fonts are rendered correctly, If I visit https://fonts.google.com , none of the web fonts are displayed in
a sandboxed Firefox, whereas they display correctly in an unsandboxed FFX. (Untrusted Font Blocking enabled in both cases of course)
Additional Info #2: I just tried a sandboxed (portable) Firefox 49.0.2 for comparison, with that version the web font rendering
does work as expected. So this is indeed a new issue.
All the best
Spaceman Spiff
-
- Sandboxie Support
- Posts: 2337
- Joined: Mon Nov 07, 2016 3:10 pm
Re: Firefox 50: Font Glyph Rendering Issue
Alright, to clarify... When you select Untrusted Fonts, Firefox does not display certain fonts when Sandboxed [but it works fine outside of it]. Is this correct?
I have enabled "Untrusted Fonts Blocking", but I am still unable to repro the issue on Win 10 Pro x64. If you could provide more information as to how are you enabling this feature, that would be great.
Also, here's one thing to test: http://www.ghacks.net/2016/02/05/block- ... indows-10/ (check the exceptions part and see if that helps).
Regards.
I have enabled "Untrusted Fonts Blocking", but I am still unable to repro the issue on Win 10 Pro x64. If you could provide more information as to how are you enabling this feature, that would be great.
Also, here's one thing to test: http://www.ghacks.net/2016/02/05/block- ... indows-10/ (check the exceptions part and see if that helps).
Regards.
-
- Posts: 33
- Joined: Sat Aug 08, 2015 4:20 pm
Re: Firefox 50: Font Glyph Rendering Issue
ExactlyBarb@Invincea wrote:Alright, to clarify... When you select Untrusted Fonts, Firefox does not display certain fonts when Sandboxed [but it works fine outside of it]. Is this correct?
I enabled it via local Group Policy (see screenshot in the first post), but that shouldn't be of particular interest as setting the group policyBarb@Invincea wrote: I have enabled "Untrusted Fonts Blocking", but I am still unable to repro the issue on Win 10 Pro x64. If you could provide more information as to how are you enabling this feature, that would be great.
directly modifies exactly the same registry key that is mentioned in the gHacks article that you linked to. I attached a screenshot of the key I'm talking about.
But I did some more digging around and am zeroing in on the problem:
It only occurs if all of the following conditions are met:
a) Untrusted Font Blockig is enabled (as discussed above)
b) Firefox.exe is FORCED to run sandboxed (Sandboxie Settings-->Program Start--->Forced Programs: "firefox.exe")
If Firefox is started via Sandboxie's "Run Sandboxed..." command the web fonts display 100% correctly
So, could you please perhaps try to reproduce the problem by FORCING firefox.exe to run sandboxed ?
Thanks for your time and effort.
All the best,
Spaceman Spiff
- Attachments
-
- Kernel.png (29.89 KiB) Viewed 1555 times
-
- Sandboxie Support
- Posts: 2337
- Joined: Mon Nov 07, 2016 3:10 pm
Re: Firefox 50: Web Font Rendering Issue
Spaceman Spiff,
After some testing, what we are seeing is that once Untrusted Fonts is Enabled, both Host and SBIE Firefox will stop displaying the fonts.
It does not seem to be happening for Sandboxie only. Can you please restart your machine (if you haven't already) and let us know if the problem still occurs on Sandboxed Firefox only?
Also, just to compare, do you have any special fonts installed in your %windir%/Fonts folder? (Or any specific fonts settings in Firefox? )
Thanks!
After some testing, what we are seeing is that once Untrusted Fonts is Enabled, both Host and SBIE Firefox will stop displaying the fonts.
It does not seem to be happening for Sandboxie only. Can you please restart your machine (if you haven't already) and let us know if the problem still occurs on Sandboxed Firefox only?
Also, just to compare, do you have any special fonts installed in your %windir%/Fonts folder? (Or any specific fonts settings in Firefox? )
Thanks!
-
- Posts: 33
- Joined: Sat Aug 08, 2015 4:20 pm
Re: Firefox 50: Web Font Rendering Issue
Hmm, sorry if I sound ignorant, but could you please elaborate what you mean by that ? What do you mean by "host" ?Barb@Invincea wrote: After some testing, what we are seeing is that once Untrusted Fonts is Enabled, both Host and SBIE Firefox will stop displaying the fonts.
It does not seem to be happening for Sandboxie only.
I was talking about web fonts that are not displayed inside Firefox. Examples: http://fonts.google.com , http://http://fontawesome.io
I did not try any other applications. Those fonts are of course not installed locally. They are downloaded by FFX when displaying
a page that requires the fonts. I am not sure about how this works in detail.
And now for the interesting bit:
One would suppose that once "Untrusted Font Blocking" is enabled, none of these fonts would ever be displayed. After all, these are all "foreign"
(i.e. non-locally installed) fonts. But in Firefox, they have always been displayed properly before for me (in spite of the mitigation option "Block Untrusted Fonts"
being enabled). I have had this mitigation option enabled for at least 6 months now. No trouble before as far as FFX is concerned.
The only thing that's new for me is that they suddenly are no longer displayed if FFX 50.0 is FORCED into a sandbox.
--> FFX older than 50.0=always OK
--> Not FORCING FFX 50.0 into a sandbox, but starting it via "Run sandboxed" command ...=OK!
--> Unsandboxed FFX 50.0=also OK!)
Right now, I've switched to a sandboxed FFX that is "manually" launched with the "Run sandboxed..." command and all
web fonts display correctly. The mitigation is still enabled (of course).
Maybe FFX uses a different way of displaying the fonts. I.e. not relying on the age-old (and thus portenially risky) windows TTF/GDI+/whatever
font rendering routines that the "Untrusted Font Blocking" mitigation is supposed to well, mitigate . And maybe that way has changed in v50.0...
I'm at a loss here...
I restarted my computer plenty of times (really!) within the last 48 hours, I don't think its related to that. Of course, after enabling or disabling the mitigationBarb@Invincea wrote: Can you please restart your machine (if you haven't already) and let us know if the problem still occurs on Sandboxed Firefox only?
the OS has to be restarted for the option to take effect.
The reason for Microsoft to add this option to Windows 10 is that font rendering relies on some arcane/convoluted legacy code and nobody knows what
hidden evils (i.e. security holes) lurk beneath the surface of that code
Windows Font Folder: No special/additional fonts whatsoever except those installed by LibreOffice (Liberation fonts). I used to care about installing fancy TTF fontsBarb@Invincea wrote:Also, just to compare, do you have any special fonts installed in your %windir%/Fonts folder? (Or any specific fonts settings in Firefox? )
about 10 years ago, but not anymore. Special font settings in FFX: none
All the best,
Spaceman Spiff
-
- Sandboxie Support
- Posts: 2337
- Joined: Mon Nov 07, 2016 3:10 pm
Re: Firefox 50: Web Font Rendering Issue
Spaceman Spiff,
What I meant was if the issue also happens while not-sandboxed.
I tested this with both FF 32 bits and 64bits and the behavior is the same, it doesn't matter whether Firefoxt is sandboxed or not, if Untrusted Fonts policy is enabled, some icons/fonts do not load. I just wanted to confirm this behavior on your machine as well.
I have noticed a new folder in the Firefox installation that contains the Emoji Fonts. It seems that Firefox is trying to pull fonts from there first, thus "possibly" causing this issue. /Still looking into it (however, as stated before, this is looking more like a Firefox issue rather than a Sandboxie one).
Regards.
What I meant was if the issue also happens while not-sandboxed.
I tested this with both FF 32 bits and 64bits and the behavior is the same, it doesn't matter whether Firefoxt is sandboxed or not, if Untrusted Fonts policy is enabled, some icons/fonts do not load. I just wanted to confirm this behavior on your machine as well.
I have noticed a new folder in the Firefox installation that contains the Emoji Fonts. It seems that Firefox is trying to pull fonts from there first, thus "possibly" causing this issue. /Still looking into it (however, as stated before, this is looking more like a Firefox issue rather than a Sandboxie one).
Regards.
-
- Posts: 33
- Joined: Sat Aug 08, 2015 4:20 pm
Re: Firefox 50: Web Font Rendering Issue
Thanks for the clarification.Barb@Invincea wrote: What I meant was if the issue also happens while not-sandboxed.
I tested this with both FF 32 bits and 64bits and the behavior is the same, it doesn't matter whether Firefoxt is sandboxed or not, if Untrusted Fonts policy is enabled, some icons/fonts do not load. I just wanted to confirm this behavior on your machine as well. Regards.
For me the issue only occurs when FORCING Firefox 50.0 to run in a sandbox. Running an unsandboxed FFX, or using the SBIEs "Run sandboxed..." command,
the web fonts on fonts.google.com , fontawesome.io , and qwant.com all display correctly...
Again, I'm at a loss here, but what I find interesting is that forcing firefox.exe to run sandboxed via SBIE settings produces different results that using the "Run sandboxed ..."
command and then choosing firefox.exe manually. Very strange indeed...
-
- Sandboxie Support
- Posts: 2337
- Joined: Mon Nov 07, 2016 3:10 pm
Re: Firefox 50: Web Font Rendering Issue
Spaceman Spiff,
Forcing a program, or using right-click --> Run Sandboxed should not trigger different behaviors. Do you have any modifications made to your .ini file?
You may want to try to reinstall Firefox and see what happens, it seems strange that the policy only "works" inside the Sandbox for you (for me , as soon as I activate it, those fonts stop working both inside and outside Sbie).
Regards.
Forcing a program, or using right-click --> Run Sandboxed should not trigger different behaviors. Do you have any modifications made to your .ini file?
You may want to try to reinstall Firefox and see what happens, it seems strange that the policy only "works" inside the Sandbox for you (for me , as soon as I activate it, those fonts stop working both inside and outside Sbie).
Regards.
-
- Posts: 33
- Joined: Sat Aug 08, 2015 4:20 pm
Re: Firefox 50: Web Font Rendering Issue
First of all, let me thank you again for your effort and patience
I have made no manual modifications to the ini file.
- No sandbox: fonts OK
- Manually start FFX sandboxed (via shortcut): fonts OK
- Firefox.exe forced into a sandbox: fonts not OK
The web fonts did display correctly in Firefox on that machine as well.
(Note: Sandboxie wasn't installed on that computer, so I didn't test FFX sandboxed).
Anyway,
for now I have settled with launching FFX via a shortcut icon as this way the fonts display OK.
I can live with that workaround
Thanks,
Spaceman Spiff
Yeah, I figured that it should not make a difference. However, this is exactly what I'm seeing (behaviour as described above).Barb@Invincea wrote:Spaceman Spiff,
Forcing a program, or using right-click --> Run Sandboxed should not trigger different behaviors. Do you have any modifications made to your .ini file?
I have made no manual modifications to the ini file.
Well, I tried using a brand new (released today) FFX 50.0 PORTABLE. The behaviour is the same:Barb@Invincea wrote: You may want to try to reinstall Firefox and see what happens,
- No sandbox: fonts OK
- Manually start FFX sandboxed (via shortcut): fonts OK
- Firefox.exe forced into a sandbox: fonts not OK
This is indeed very strange. I tried enabling the policy on another Win 10 Pro computer today (via GPO).Barb@Invincea wrote: it seems strange that the policy only "works" inside the Sandbox for you (for me , as soon as I activate it, those fonts stop working both inside and outside Sbie).
The web fonts did display correctly in Firefox on that machine as well.
(Note: Sandboxie wasn't installed on that computer, so I didn't test FFX sandboxed).
Anyway,
for now I have settled with launching FFX via a shortcut icon as this way the fonts display OK.
I can live with that workaround
Thanks,
Spaceman Spiff
-
- Posts: 33
- Joined: Sat Aug 08, 2015 4:20 pm
Re: Firefox 50: Web Font Rendering Issue (Multiprocess FFX)
Just an update after doing more research:
I have disabled the untrusted font system mitigation for now. Consequently, all web fonts are displayed properly now.
So this update is not about the original issue.
But there seem to be general font rendering issues when FFX 50 is run sandboxed.
Even though all web fonts are now displayed, fonts in general don't seem to be antialiased properly.
They seem a bit jagged, similar to when fonts are rendered without cleartype.
This definitely seems to be connected to the new Firefox "E10S / Electrolysis" multiprocess architecture.
When FFX multiprocess is disabled (browser.tabs.remote.autostart=FALSE), all fonts are always rendered and antialiased properly (i.e. regardless of FFX being sandboxed or not).
When FFX multiprocess is enabled, fonts are only antialiased properly if FFX is run unsandboxed. In a sandbox, the fonts are not antialiased nicely.
I just thought that this bit of information might of some use. I know that Sandboxie is not 100% compatible with FFX multiprocess yet,
so the info that there might be some font-related issues when FFX multiprocess and SBIE are combined might be helpful for the near future
All the best,
Spaceman Spiff
PS: I have got a hunch:
I know that the "old-style" GDI+ font rendering & antialiasing looks worse that the "new-style" Direct2D/DirectWrite font rendering & antialiasing.
I have a feeling that the above mentioned issue has something to do with a sandboxed FFX (with multiprocess enabled) falling back to the worse-looking GDI+ rendering.
That might also explain the original "untrusted fonts mitigation issue". AFAIK, the mitigation only prevents the GDI+ subsystem from loading
untrusted fonts. So if FFX falls back to GDI+, no untrusted web fonts are shown (and, on top of that, the fonts look worse). If multiprocess is disabled
or FFX is run unsandboxed, A newer font rendering mechanism (Direct2D/DirectWrite) is used, which provides much crisper fonts and to which the
untrusted font mitigation does not apply.
Attachment: 2 Screenshots, 300% Zoom level in firefox, showing the nice antialiasing and the worse antialiasing
I have disabled the untrusted font system mitigation for now. Consequently, all web fonts are displayed properly now.
So this update is not about the original issue.
But there seem to be general font rendering issues when FFX 50 is run sandboxed.
Even though all web fonts are now displayed, fonts in general don't seem to be antialiased properly.
They seem a bit jagged, similar to when fonts are rendered without cleartype.
This definitely seems to be connected to the new Firefox "E10S / Electrolysis" multiprocess architecture.
When FFX multiprocess is disabled (browser.tabs.remote.autostart=FALSE), all fonts are always rendered and antialiased properly (i.e. regardless of FFX being sandboxed or not).
When FFX multiprocess is enabled, fonts are only antialiased properly if FFX is run unsandboxed. In a sandbox, the fonts are not antialiased nicely.
I just thought that this bit of information might of some use. I know that Sandboxie is not 100% compatible with FFX multiprocess yet,
so the info that there might be some font-related issues when FFX multiprocess and SBIE are combined might be helpful for the near future
All the best,
Spaceman Spiff
PS: I have got a hunch:
I know that the "old-style" GDI+ font rendering & antialiasing looks worse that the "new-style" Direct2D/DirectWrite font rendering & antialiasing.
I have a feeling that the above mentioned issue has something to do with a sandboxed FFX (with multiprocess enabled) falling back to the worse-looking GDI+ rendering.
That might also explain the original "untrusted fonts mitigation issue". AFAIK, the mitigation only prevents the GDI+ subsystem from loading
untrusted fonts. So if FFX falls back to GDI+, no untrusted web fonts are shown (and, on top of that, the fonts look worse). If multiprocess is disabled
or FFX is run unsandboxed, A newer font rendering mechanism (Direct2D/DirectWrite) is used, which provides much crisper fonts and to which the
untrusted font mitigation does not apply.
Attachment: 2 Screenshots, 300% Zoom level in firefox, showing the nice antialiasing and the worse antialiasing
- Attachments
-
- This shows the worse antialiasing in a sandboxed *multiprocess* FFX (taken at 300% zoom level in FFX).
- Worse Antialiasing.png (31.44 KiB) Viewed 1361 times
-
- This shows the nice antialiasing in a sandboxed *single-process* FFX (also taken at 300% zoom level in FFX).
- Better Antialiasing.png (69.34 KiB) Viewed 1361 times
Who is online
Users browsing this forum: No registered users and 1 guest