CVE-2021-38505
Description
Microsoft introduced a new feature in Windows 10 known as Cloud Clipboard which, if enabled, will record data copied to the clipboard to the cloud, and make it available on other computers in certain scenarios. Applications that wish to prevent copied data from being recorded in Cloud History must use specific clipboard formats; and Firefox before versions 94 and ESR 91.3 did not implement them. This could have caused sensitive data to be recorded to a users Microsoft account. *This bug only affects Firefox for Windows 10+ with Cloud Clipboard enabled. Other operating systems are unaffected.*. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.
Risk Information
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple vulnerabilities fixed in Mozilla Firefox ESR (91) (x64) (91.3.0) | Windows |
| Multiple vulnerabilities fixed in Mozilla Firefox ESR (91) (91.3.0) | Windows |
| Multiple vulnerabilities fixed in Mozilla Firefox (94.0) | Windows |
| Multiple vulnerabilities fixed in Mozilla Firefox (x64) (94.0) | Windows |
| Multiple vulnerabilities fixed in Mozilla Thunderbird (91) (x64) (91.3.0) | Windows |
| Multiple vulnerabilities fixed in Mozilla Thunderbird (91) (91.3.0) | Windows |
| Multiple vulnerabilities are fixed in Mozilla Firefox For Mac (94.0.1) | Mac |
| Multiple vulnerabilities are fixed in Mozilla Firefox For Mac (94.0.2) | Mac |
| Multiple vulnerabilities are fixed in Mozilla Thunderbird For Mac 91.3 | Mac |
| Multiple Vulnerabilities are affected in Firefox ESR for Mac 91.2 | Mac |
| Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 91.2 | Mac |
| Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 93.0 | Mac |
| Multiple Vulnerabilities are affected in Mozilla Thunderbird for Mac 91.2 | Mac |
| Multiple vulnerabilities are fixed in Mozilla Firefox For Mac 91.3 | Mac |
| SUSE-SU-2021:3721-1(SUSE Linux Enterprise Server 12-SP5 ) MozillaFirefox-91.3.0-112.80.2.x86_64.rpm | Linux |
| SUSE-SU-2021:3721-1(SUSE Linux Enterprise Server 12-SP5 ) MozillaFirefox-debuginfo-91.3.0-112.80.2.x86_64.rpm | Linux |
| SUSE-SU-2021:3721-1(SUSE Linux Enterprise Server 12-SP5 ) MozillaFirefox-debugsource-91.3.0-112.80.2.x86_64.rpm | Linux |
| SUSE-SU-2021:3721-1(SUSE Linux Enterprise Server 12-SP5 ) MozillaFirefox-devel-91.3.0-112.80.2.x86_64.rpm | Linux |
| SUSE-SU-2021:3721-1(SUSE Linux Enterprise Server 12-SP5 ) MozillaFirefox-translations-common-91.3.0-112.80.2.x86_64.rpm | Linux |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-322237 | Mozilla Firefox (94.0) |
| PATCH-322238 | Mozilla Firefox (x64) (94.0) |
| PATCH-322245 | Mozilla Thunderbird (91) (x64) (91.3.0) |
| PATCH-322244 | Mozilla Thunderbird (91) (91.3.0) |
| PATCH-607000 | Mozilla Firefox For Mac (124.0) |
| PATCH-607000 | Mozilla Firefox For Mac (124.0) |
| PATCH-611807 | Mozilla Thunderbird For Mac (142.0) |
| PATCH-611808 | Mozilla Firefox ESR for MAC 128.14.0 |
| PATCH-611870 | Mozilla Firefox For Mac (142.0.1) |
| PATCH-611870 | Mozilla Firefox For Mac (142.0.1) |
| PATCH-611807 | Mozilla Thunderbird For Mac (142.0) |
| PATCH-612783 | Mozilla Firefox For Mac (145.0.1) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234