Clipboard data might be leaking
Some preliminary testing in #10285 (closed) comment 1 showed that websites might listen at least to the paste event and obtain user sensitive data this way. A quick workaround is setting "dom.event.clipboardevents.enabled" to "false".
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information