You can tell Firefox to not load any images at all. Re: fonts, I mean like this: https://www.rapid7.com/db/vulnerabilities/linuxrpm-rhsa-2012-0515 not positive but I think not allowing websites to load their own fonts prevents attacks like this, as they require the user to load a malicious font. In firefox you can prevent websites from setting the font and force it to use a default font, which I think but am not certain prevents all or at least most of the font based attacks. If you know otherwise let me know. here is another: https://www.redhat.com/archives/enterprise-watch-list/2012-April/msg00016.html