CVE-2020-6812
Mozilla: The names of AirPods with personally identifiable information were exposed to websites with camera or microphone permission
Public Exploits: 0
Exploited in Wild: -
Descriptions
The first time AirPods are connected to an iPhone, they become named after the user's name by default (e.g. Jane Doe's AirPods.) Websites with camera or microphone permission are able to enumerate device names, disclosing the user's name. To resolve this issue, Firefox added a special case that renames devices containing the substring 'AirPods' to simply 'AirPods'. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6.
The Mozilla Foundation Security Advisory describes this flaw as:
The first time AirPods are connected to an iPhone, they become named after the user's name by default (e.g. Jane Doe's AirPods.) Websites with camera or microphone permission are able to enumerate device names, disclosing the user's name. To resolve this issue, Firefox added a special case that renames devices containing the substring 'AirPods' to simply 'AirPods'.
Timeline
- 2020-01-10 CVE Reserved
- 2020-03-12 CVE Published
- 2024-07-19 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
References (7)
URL | Date | SRC |
---|---|---|
https://usn.ubuntu.com/4328-1 | 2023-02-23 | |
https://usn.ubuntu.com/4335-1 | 2023-02-23 | |
https://www.mozilla.org/security/advisories/mfsa2020-08 | 2023-02-23 | |
https://www.mozilla.org/security/advisories/mfsa2020-09 | 2023-02-23 | |
https://www.mozilla.org/security/advisories/mfsa2020-10 | 2023-02-23 | |
https://access.redhat.com/security/cve/CVE-2020-6812 | 2020-03-23 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1812204 | 2020-03-23 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Mozilla | Firefox | < 74.0 | - | Affected |
Mozilla | Firefox ESR | < 68.6.0 | - | Affected |
Mozilla | Thunderbird | < 68.6.0 | - | Affected |
Canonical | Ubuntu Linux | 16.04 | esm | Affected |
Canonical | Ubuntu Linux | 18.04 | lts | Affected |
Canonical | Ubuntu Linux | 19.10 | - | Affected |