PT-2020-19240 · Apple+6 · Iphone+9

Jan-Ivar Bruaroey

·

Published

2020-03-10

·

Updated

2024-12-12

·

CVE-2020-6812

CVSS v3.1

5.3

Medium

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 74 Firefox ESR versions prior to 68.6 Thunderbird versions prior to 68.6
Description A issue exists where websites with camera or microphone permission can enumerate device names, potentially disclosing the user's name, particularly when AirPods are connected to an iPhone and named by default with the user's name.
Recommendations For Firefox versions prior to 74, update to version 74 or later to resolve the issue. For Firefox ESR versions prior to 68.6, update to version 68.6 or later to resolve the issue. For Thunderbird versions prior to 68.6, update to version 68.6 or later to resolve the issue.

Exploit

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

ALT-PU-2020-1461
ALT-PU-2020-1485
ALT-PU-2020-1486
ALT-PU-2020-1493
ALT-PU-2020-1515
ALT-PU-2020-2408
ALT-PU-2020-2933
ALT-PU-2020-3442
ALT-PU-2021-1368
ALT-PU-2021-3368
CESA-2020_0815
CESA-2020_0816
CESA-2020_0820
CESA-2020_0905
CESA-2020_0914
CESA-2020_0919
CVE-2020-6812
DLA-2140-1
DLA-2150-1
DSA-4639-1
DSA-4642-1
MGASA-2020-0141
MGASA-2020-0142
OPENSUSE-SU-2020:0340-1
OPENSUSE-SU-2020:0366-1
OPENSUSE-SU-2020_0340-1
OPENSUSE-SU-2020_0366-1
OPENSUSE-SU-2024:10600-1
OPENSUSE-SU-2024:10601-1
OPENSUSE-SU-2024:14572-1
RHSA-2020:0815
RHSA-2020:0816
RHSA-2020:0819
RHSA-2020:0820
RHSA-2020:0905
RHSA-2020:0914
RHSA-2020:0918
RHSA-2020:0919
RHSA-2020_0815
RHSA-2020_0816
RHSA-2020_0820
RHSA-2020_0905
RHSA-2020_0914
RHSA-2020_0919
SUSE-SU-2020:0686-1
SUSE-SU-2020:0717-1
SUSE-SU-2020:0721-1
SUSE-SU-2020:14312-1
USN-4299-1
USN-4328-1
USN-4335-1

Affected Products

Alt Linux
Airpods
Centos
Firefox
Firefox Esr
Red Hat
Suse
Thunderbird
Ubuntu
Iphone