Sergey Galich

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 106 **Description** The issue is related to the Form Manager component of Firefox, which stores usernames in an unencrypted file on disk, instead of using the Password Manager component that utilizes encryption. This could allow a remote attacker to disclose protected information. The `username` is the specific variable affected by this issue. **Recommendations** For versions prior to 106, update to version 106 or later to resolve the issue. As a temporary workaround, consider restricting access to the Form Manager component until a patch is available. Avoid using the Form Manager for saving logins until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 94 Thunderbird versions prior to 91.3 Firefox ESR versions prior to 91.3 **Description** The issue concerns the Cloud Clipboard feature in Windows 10, which records data copied to the clipboard to the cloud, making it available on other computers in certain scenarios. Applications must use specific clipboard formats to prevent copied data from being recorded in Cloud History. However, Firefox did not implement these formats in versions prior to 94 and ESR 91.3, potentially causing sensitive data to be recorded to a user's Microsoft account. This issue only affects Firefox for Windows 10 and later with Cloud Clipboard enabled, and does not impact other operating systems. **Recommendations** For Firefox versions prior to 94, update to version 94 or later to resolve the issue. For Thunderbird versions prior to 91.3, update to version 91.3 or later to resolve the issue. For Firefox ESR versions prior to 91.3, update to version 91.3 or later to resolve the issue. As a temporary workaround, consider disabling the Cloud Clipboard feature in Windows 10 settings until the issue is resolved.