CVE-2020-6812 — Sensitive Information Exposure in Mozilla Firefox
Severity
5.3 MEDIUM (NVD)
OSV 8.8 | OSV 6.5
EPSS
0.6%
top 31.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Mar 25
Latest update: May 24
Description
The first time AirPods are connected to an iPhone, they become named after the user's name by default (e.g. Jane Doe's AirPods.) Websites with camera or microphone permission are able to enumerate device names, disclosing the user's name. To resolve this issue, Firefox added a special case that renames devices containing the substring 'AirPods' to simply 'AirPods'. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 3.9 | Impact: 1.4
Affected Packages: 9 packages
Also affects: Ubuntu Linux 16.04, 18.04, 19.10
Vulnerability Details (6)
GHSA
GHSA-vh23-x25h-2wfm: The first time AirPods are connected to an iPhone, they become named after the user's name by default (e… | 2022-05-24
OSV
CVE-2020-6812: The first time AirPods are connected to an iPhone, they become named after the user's name by default (e… | 2020-03-25
CVEList
CVE-2020-6812: The first time AirPods are connected to an iPhone, they become named after the user's name by default (e… | 2020-03-25
Vendor Advisories (8)
Community (1)
Bugzilla
CVE-2020-6812 Mozilla: The names of AirPods with personally identifiable information were exposed to websites with camera or microphone permission | 2020-03-10