CVE-2020-6812

MEDIUM

Firefox < 74.0 and Firefox ESR < 68.6.0 - Exposure of Sensitive Information via AirPods Device Name Enumeration

Title source: llm
STIX 2.1

Description

The first time AirPods are connected to an iPhone, they become named after the user's name by default (e.g. Jane Doe's AirPods.) Websites with camera or microphone permission are able to enumerate device names, disclosing the user's name. To resolve this issue, Firefox added a special case that renames devices containing the substring 'AirPods' to simply 'AirPods'. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6.

References (6)

Core 6
Core References
Issue Tracking, Permissions Required, Vendor Advisory x_refsource_misc
https://bugzilla.mozilla.org/show_bug.cgi?id=1616661
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/4328-1/
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/4335-1/

Scores

CVSS v3 5.3
EPSS 0.0058
EPSS Percentile 69.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-200
Status published
Products (6)
canonical/ubuntu_linux 16.04
canonical/ubuntu_linux 18.04
canonical/ubuntu_linux 19.10
mozilla/firefox < 74.0
mozilla/firefox_esr < 68.6.0
mozilla/thunderbird < 68.6.0
Published Mar 25, 2020
Tracked Since Feb 18, 2026