Binary package hint: gnome-control-center
Nautilus normally uses gnome-thumbnail-font, to provide font previews. Eg:
$ gconftool-2 -g /desktop/gnome/thumbnailers/application@x-font-ttf/enable
$ gconftool-2 -g /desktop/gnome/thumbnailers/application@x-font-ttf/command
gnome-thumbnail-font %u %o
If a flaw is discovered in a font library or Gnome and a user navigates to a directory that has a malicious font file, gnome-thumbnail-font could be used to execute arbitrary code, write out to files or leak information. Providing an apparmor profile for gnome-thumbnail-font would be a good step towards proactively protecting the user from this sort of attack.
The same can be said for other thumbnailers. Nautilus also uses totem-video-thumbnail and evince-thumbnailer (evince-thumbnailer has an apparmor profile already). For images, nautilus uses gdk-pixbuf routines via gnome-desktop, but these can be altered to use evince-thumbnailer by installing schema files for the various image mime-types and updating gnome-desktop to not fallback to gdk-pixbuf on thumbnail script error.