Hello friends, I am using custom css’ on my Librewolf. Downloaded FF-ULTIMA and it looks cool. I have looked at its all .css files as stranger for css. As far as my view, there is no problem but can these css files cause any security or privacy vulnerability? Like, being injectable or the creator of theme can track us or not? It may seem a funny question but idk much about css language. Just wanted to asking. Am I safe with it?

  • @[email protected]
    link
    fedilink
    English
    56 months ago

    It’s probably safe, but if the CSS loads images via URLs, it’s possible that the owner of those URLs is able to track generic metrics about usage or even replace the images arbitrarily to drastically change the theme.

    • @MrOtherGuy
      link
      English
      55 months ago

      Yeah, loading any external resources - I would think fonts even more so than images - is potentially risky. In addition, there is somewhat realistic possibility for browser fingerprinting if you use some style that makes browser viewport size atypical.

      I can’t think of any actual security issues other than those. Otherwise the worst that a style could do is crash the browser, to make it utterly unusable or make it super slow. But those are all recoverable by simply trashing userChrome.css and restarting Firefox.

      • @[email protected]
        link
        fedilink
        English
        25 months ago

        Any external resource is definitely correct. I didn’t think about fonts, but some types allow embedded code to assist with rendering and I suppose that could be a vector. I was more thinking about tracking pixels, but I’m really not sure how big any of those risks are in a theme.

        I personally wouldn’t be worried about them, but I also don’t run themes. Browser extensions on the other hand …