#VU57879 Information disclosure in Mozilla Firefox and Firefox ESR - CVE-2021-38505
Published: November 2, 2021
Vulnerability identifier: #VU57879
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-38505
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Mozilla Firefox
Firefox ESR
Mozilla Firefox
Firefox ESR
Software vendor:
Mozilla
Mozilla
Description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to absence of support for a new feature in Windows 10 known as Cloud Clipboard that, if enabled, will record data copied to the clipboard to the
cloud, and make it available on other computers in certain scenarios. Applications that wish to prevent copied data from being recorded in Cloud History must use specific clipboard formats, which were not implemented in previous versions of Firefox and Firefox ESR.
Remediation
Install updates from vendor's website.