[Bug 405581] Re: NoScript brings up XSS and ABE bugs; blocking U1 'Confirm Device Access'---document workaround rule
Status changed to 'Confirmed' because the bug affects multiple users.

** Changed in: mozilla-noscript (Ubuntu)
       Status: New => Confirmed

--
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/405581

Title:
  NoScript brings up XSS and ABE bugs; blocking U1 'Confirm Device Access'---document workaround rule

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntuone-servers/+bug/405581/+subscriptions

--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 405581] Re: NoScript brings up XSS and ABE bugs; blocking U1 'Confirm Device Access'---document workaround rule
** Summary changed:

- Noscript brings up XSS and ABE bugs; blocking U1 'Confirm Device Access'---document workaround rule
+ NoScript brings up XSS and ABE bugs; blocking U1 'Confirm Device Access'---document workaround rule
[Bug 405581] Re: Noscript brings up XSS and ABE bugs; blocking U1 'Confirm Device Access'---document workaround rule
Thanks MG, nommex, and Abel Cheung. That did the trick.
[Bug 405581] Re: Noscript brings up XSS and ABE bugs; blocking U1 'Confirm Device Access'---document workaround rule
Thank you Abel for the ABE rule! I created a new FAQ for this:
https://answers.edge.launchpad.net/ubuntuone-client/+faq/957

As a result, I'm marking this bug as Won't Fix, as this bug is specific to NoScript users and there is a good workaround.

** Changed in: ubuntuone-servers
       Status: Triaged => Won't Fix

** Description changed:

+ A workaround is documented at: https://answers.launchpad.net/ubuntuone-
+ client/+faq/957
+
  When setting up Ubuntu One, if you have the No-Script firefox extension, No-Script will prevent execution of the page that allows you to 'Confirm Device Access'.

  As a workaround, go into the NoScript options and temporarily disable the SYSTEM ruleset in the Advanced > ABE tab.
Re: [Bug 405581] Re: Noscript brings up XSS and ABE bugs; blocking U1 'Confirm Device Access'---document workaround rule
On Thu, 2010-02-04 at 20:58 +, Abel Cheung wrote:
> Mine only allows GET requests from one.ubuntu.com to local private IP

Wise, thanks Abel.
[Bug 405581] Re: Noscript brings up XSS and ABE bugs; blocking U1 'Confirm Device Access'---document workaround rule
@nomnex Mine only allows GET requests from one.ubuntu.com to local private IP, instead of allowing all kinds of requests.
[Bug 405581] Re: Noscript brings up XSS and ABE bugs; blocking U1 'Confirm Device Access'---document workaround rule
Abel, what is the difference between the 2 rule syntaxes? Maone gives the former on his forum, see [1].

[1] http://forums.informaction.com/viewtopic.php?f=7&t=3156
[Bug 405581] Re: Noscript brings up XSS and ABE bugs; blocking U1 'Confirm Device Access'---document workaround rule
Instead of throwing out the baby with the bath water, the following SYSTEM ABE rule can be a bit more fine-grained:

Site LOCAL
Accept from LOCAL
Accept GET from one.ubuntu.com
Deny
[Bug 405581] Re: Noscript brings up XSS and ABE bugs; blocking U1 'Confirm Device Access'---document workaround rule
Change your SYSTEM ABE rules to this:

# Prevent Internet sites from requesting LAN resources.
Site LOCAL
Accept from LOCAL
Site one.ubuntu.com
Accept
Deny

It'll fix your problem.
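
An added example, not part of the thread and not NoScript's own code: a simplified JavaScript model of ABE rule matching that runs the rule from the message above and the GET-only variant posted elsewhere in the thread against constructed requests. It assumes first-match semantics (the first matching predicate in a rule whose Site matches the destination decides, and an unmatched request passes) and approximates LOCAL with a private-address pattern; 127.0.0.1, 192.168.1.x and other.example are made-up sample values.

```javascript
// Simplified model of ABE matching (an assumption, not NoScript's implementation).
const PRIVATE = /^(localhost$|127\.|10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.)/;
const hit = (pattern, host) => (pattern === "LOCAL" ? PRIVATE.test(host) : pattern === host);

function parseAbe(text) {
  const rules = [];
  for (const raw of text.split("\n")) {
    const [keyword, ...rest] = raw.replace(/#.*/, "").trim().split(/\s+/);
    if (!keyword) continue; // blank line or comment
    if (keyword === "Site") { rules.push({ sites: rest, predicates: [] }); continue; }
    if (rules.length === 0) throw new Error(`predicate before any Site line: ${raw}`);
    const at = rest.indexOf("from");
    rules[rules.length - 1].predicates.push({
      action: keyword,
      methods: at < 0 ? rest : rest.slice(0, at),
      origins: at < 0 ? [] : rest.slice(at + 1),
    });
  }
  return rules;
}

function decide(rules, { method, origin, destination }) {
  for (const rule of rules) {
    if (!rule.sites.some((s) => hit(s, destination))) continue;
    for (const p of rule.predicates) {
      const methodOk = p.methods.length === 0 || p.methods.includes(method);
      const originOk = p.origins.length === 0 || p.origins.some((o) => hit(o, origin));
      if (methodOk && originOk) return p.action;
    }
  }
  return "Pass"; // no predicate matched: the request is not blocked
}

// Rule from the message above, and the GET-only rule from the thread.
const broadRule = parseAbe("Site LOCAL\nAccept from LOCAL\nSite one.ubuntu.com\nAccept\nDeny");
const getOnlyRule = parseAbe("Site LOCAL\nAccept from LOCAL\nAccept GET from one.ubuntu.com\nDeny");

// Constructed requests (illustrative hosts and addresses).
const sample = [
  { method: "GET", origin: "one.ubuntu.com", destination: "127.0.0.1" },
  { method: "POST", origin: "one.ubuntu.com", destination: "127.0.0.1" },
  { method: "GET", origin: "other.example", destination: "192.168.1.1" },
  { method: "GET", origin: "192.168.1.5", destination: "192.168.1.1" },
];
const compare = (reqs) => reqs.map((r) =>
  `${r.method} ${r.origin} -> ${r.destination}: ` +
  `broad=${decide(broadRule, r)} getOnly=${decide(getOnlyRule, r)}`);
console.log(compare(sample).join("\n"));
```

In this model the first ruleset never reaches a Deny for LAN destinations, while the GET-only ruleset still denies the POST from one.ubuntu.com and the request from the unrelated site.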
[Bug 405581] Re: Noscript brings up XSS and ABE bugs; blocking U1 'Confirm Device Access'---document workaround rule
This might be too simple, but I would rather you just ask me what I want to call the computer, then you take that name and display it to me, and use the guid internally if you need to. I think you could just use the name I give you and check it's unique within my account. By all means, if there is no error, suggest the machine name to me in the dialog box; however, warn me before you potentially set off the SW I rely on to catch bad sites I stumble on. I immediately don't trust Ubuntu-one once noscript flags it. Personally I would much rather have no-script than UbuntuOne if I have to choose.
[Bug 405581] Re: Noscript brings up XSS and ABE bugs; blocking U1 'Confirm Device Access'---document workaround rule
** Summary changed:

- Noscript brings up XSS and ABE bugs; blocking U1 'Confirm Device Access'
+ Noscript brings up XSS and ABE bugs; blocking U1 'Confirm Device Access'---document workaround rule