NoScript brings up XSS and ABE bugs; blocking U1 'Confirm Device Access'---document workaround rule
Bug #405581 reported by
Stephen
This bug affects 19 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Ubuntu One Servers |
Won't Fix
|
Medium
|
Unassigned | ||
mozilla-noscript (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned |
Bug Description
A workaround is documented at: https:/
When setting up Ubuntu One, if you have the No-Script firefox extension, No-Script will prevent execution of the page that allows you to 'Confirm Device Access'. As a workaround, go into the NoScript options and temporarily disable the SYSTEM ruleset in the Advanced > ABE tab.
affects: | ubuntuone-client → ubunet |
summary: |
- No-Script prevents Ubuntu One setup + No-Script prevents Ubuntu One blocks 'Confirm Device Access' setup page |
summary: |
- No-Script prevents Ubuntu One blocks 'Confirm Device Access' setup page + No-Script prevents Ubuntu One 'Confirm Device Access' page |
summary: |
- No-Script prevents Ubuntu One 'Confirm Device Access' page + No-Script prevents Ubuntu One 'Confirm Device Access' page blocked by + No-Script |
summary: |
- No-Script prevents Ubuntu One 'Confirm Device Access' page blocked by - No-Script + Ubuntu One 'Confirm Device Access' page blocked by No-Script |
tags: | added: desktop+ |
Changed in ubunet: | |
assignee: | nobody → Joshua Blount (jblount) |
status: | New → Triaged |
summary: |
- Ubuntu One 'Confirm Device Access' page blocked by No-Script + Noscript brings up XSS and ABE bugs; blocking U1 'Confirm Device Access' |
Changed in ubunet: | |
assignee: | Joshua Blount (jblount) → nobody |
Changed in ubunet: | |
importance: | Undecided → Medium |
summary: |
Noscript brings up XSS and ABE bugs; blocking U1 'Confirm Device Access' + ---document workaround rule |
summary: |
- Noscript brings up XSS and ABE bugs; blocking U1 'Confirm Device Access' + NoScript brings up XSS and ABE bugs; blocking U1 'Confirm Device Access' ---document workaround rule |
To post a comment you must log in.
The specific reason this is happening is that page retrieves the local hostname in order to present a human readable default name for the machine that is being added. Previously we used non-intuitive guid strings, which were not terribly easy to tell apart.