4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
0.001 Low
EPSS
Percentile
46.8%
Microsoft introduced a new feature in Windows 10 known as Cloud Clipboard
which, if enabled, will record data copied to the clipboard to the cloud,
and make it available on other computers in certain scenarios. Applications
that wish to prevent copied data from being recorded in Cloud History must
use specific clipboard formats; and Firefox before versions 94 and ESR 91.3
did not implement them. This could have caused sensitive data to be
recorded to a user’s Microsoft account. This bug only affects Firefox for
Windows 10+ with Cloud Clipboard enabled. Other operating systems are
unaffected.. This vulnerability affects Firefox < 94, Thunderbird < 91.3,
and Firefox ESR < 91.3.
Author | Note |
---|---|
tyhicks | mozjs contains a copy of the SpiderMonkey JavaScript engine |
launchpad.net/bugs/cve/CVE-2021-38505
nvd.nist.gov/vuln/detail/CVE-2021-38505
security-tracker.debian.org/tracker/CVE-2021-38505
www.cve.org/CVERecord?id=CVE-2021-38505
www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-38505
www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38505
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
0.001 Low
EPSS
Percentile
46.8%