CVE-2020-6812
N/A
N/A
Summary
The first time AirPods are connected to an iPhone, they become named after the user's name by default (e.g. Jane Doe's AirPods.) Websites with camera or microphone permission are able to enumerate device names, disclosing the user's name. To resolve this issue, Firefox added a special case that renames devices containing the substring 'AirPods' to simply 'AirPods'. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Mozilla | Thunderbird | unspecified < 68.6 | affected |
| Mozilla | Firefox | unspecified < 74 | affected |
| Mozilla | Firefox | unspecified < ESR68.6 | affected |
| Mozilla | Firefox ESR | unspecified < 68.6 | affected |
Weaknesses
- The names of AirPods with personally identifiable information were exposed to websites with camera or microphone permission
ADP Enrichment
CVE Program Container
Additional References
- https://www.mozilla.org/security/advisories/mfsa2020-08/
- https://www.mozilla.org/security/advisories/mfsa2020-10/
- https://www.mozilla.org/security/advisories/mfsa2020-09/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1616661
- https://usn.ubuntu.com/4328-1/
- https://usn.ubuntu.com/4335-1/
References
- https://www.mozilla.org/security/advisories/mfsa2020-08/
- https://www.mozilla.org/security/advisories/mfsa2020-10/
- https://www.mozilla.org/security/advisories/mfsa2020-09/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1616661
- https://usn.ubuntu.com/4328-1/
- https://usn.ubuntu.com/4335-1/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.