5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.002 Low
EPSS
Percentile
57.3%
The first time AirPods are connected to an iPhone, they become named after
the user’s name by default (e.g. Jane Doe’s AirPods.) Websites with camera
or microphone permission are able to enumerate device names, disclosing the
user’s name. To resolve this issue, Firefox added a special case that
renames devices containing the substring ‘AirPods’ to simply ‘AirPods’.
This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox <
ESR68.6, and Firefox ESR < 68.6.
Author | Note |
---|---|
tyhicks | mozjs contains a copy of the SpiderMonkey JavaScript engine |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | firefox | < 74.0+build3-0ubuntu0.18.04.1 | UNKNOWN |
ubuntu | 19.10 | noarch | firefox | < 74.0+build3-0ubuntu0.19.10.1 | UNKNOWN |
ubuntu | 20.04 | noarch | firefox | < 74.0+build3-0ubuntu1 | UNKNOWN |
ubuntu | 20.10 | noarch | firefox | < 74.0+build3-0ubuntu1 | UNKNOWN |
ubuntu | 21.04 | noarch | firefox | < 74.0+build3-0ubuntu1 | UNKNOWN |
ubuntu | 21.10 | noarch | firefox | < 74.0+build3-0ubuntu1 | UNKNOWN |
ubuntu | 22.04 | noarch | firefox | < 74.0+build3-0ubuntu1 | UNKNOWN |
ubuntu | 22.10 | noarch | firefox | < 74.0+build3-0ubuntu1 | UNKNOWN |
ubuntu | 23.04 | noarch | firefox | < 74.0+build3-0ubuntu1 | UNKNOWN |
ubuntu | 23.10 | noarch | firefox | < 74.0+build3-0ubuntu1 | UNKNOWN |
launchpad.net/bugs/cve/CVE-2020-6812
nvd.nist.gov/vuln/detail/CVE-2020-6812
security-tracker.debian.org/tracker/CVE-2020-6812
ubuntu.com/security/notices/USN-4299-1
ubuntu.com/security/notices/USN-4328-1
ubuntu.com/security/notices/USN-4335-1
www.cve.org/CVERecord?id=CVE-2020-6812
www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6812
www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6812
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.002 Low
EPSS
Percentile
57.3%