The Firefox 94 browser has recently undergone an issue wherein people’s usernames and passwords were recorded in the Cloud Clipboard feature of Windows. Nonetheless, Mozilla has released a patch into this issue, categorizing it as a severe security risk that can expose users’ credentials to threat actors as they copy or cut their usernames and passwords.
Last November, the fix was issued with Mozilla’s Firefox 94 and was only explained in detail by the tech firm’s developers in December. The update has mainly repaired the bug related to the Windows Cloud Clipboard feature, wherein users can synchronize their clipboard history to their Microsoft accounts.
Users can access the cloud clipboard section by clicking the Windows + ‘V’ keys shortcut upon enabling the feature. They will be granted access to data pasted in the clipboard from all devices. With its clipboard history capabilities, users can also see all items they cut or copied and then paste the same items again for new purposes – which many IT staff find helpful in tasks.
From the blog post regarding the update’s details, Mozilla explained that they had improved the Firefox browser in a way that the usernames and passwords copied from its ‘about:login’ password section will not be stored in the Windows Cloud Clipboard feature and would rather be stored into the computer locally with a separate clipboard section.
Without the update, Mozilla stressed that the bug could be dangerous for Firefox 94 users since threat actors who have access to a synced device can press the Windows + V keys shortcut and intrude on any clipboard data of the users’ past activity on all linked devices.
The bug is considered dangerous because hackers can easily get away since there will be no trails in local logs about their access or viewing data from the Cloud Clipboard, including the passwords.
From these issues, Mozilla said that they had also added protection to Private Browsing so users will be safer in their browsing preferences, and nothing copied from a Firefox private tab will be auto-synced to the Windows Cloud Clipboard.
Security experts also tested the update using a Firefox 95 browser, confirming the tech firm’s claims that user credentials do not synchronize to the Windows Cloud Clipboard anymore.
For users who extensively use other Chromium browsers, experts advise them to be extra cautious because the update did not include the mentioned browser in the protection. Therefore, their credentials remain unsafe from the bug’s threats to the Windows Cloud Clipboard.