CVE-2021-38505

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 94 Thunderbird versions prior to 91.3 Firefox ESR versions prior to 91.3

Description The issue concerns the Cloud Clipboard feature in Windows 10, which records data copied to the clipboard to the cloud, making it available on other computers in certain scenarios. Applications must use specific clipboard formats to prevent copied data from being recorded in Cloud History. However, Firefox did not implement these formats in versions prior to 94 and ESR 91.3, potentially causing sensitive data to be recorded to a user's Microsoft account. This issue only affects Firefox for Windows 10 and later with Cloud Clipboard enabled, and does not impact other operating systems.

Recommendations For Firefox versions prior to 94, update to version 94 or later to resolve the issue. For Thunderbird versions prior to 91.3, update to version 91.3 or later to resolve the issue. For Firefox ESR versions prior to 91.3, update to version 91.3 or later to resolve the issue. As a temporary workaround, consider disabling the Cloud Clipboard feature in Windows 10 settings until the issue is resolved.