Bug 1812204 (CVE-2020-6812)
| Summary: | CVE-2020-6812 Mozilla: The names of AirPods with personally identifiable information were exposed to websites with camera or microphone permission | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | msiddiqu |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | cschalle, gecko-bugs-nobody, jhorak, security-response-team, stransky |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | firefox 68.6, thunderbird 68.6 | Doc Type: | If docs needed, set a value |
| Doc Text: |
The Mozilla Foundation Security Advisory describes this flaw as:
The first time AirPods are connected to an iPhone, they become named after the user's name by default (e.g. Jane Doe's AirPods.) Websites with camera or microphone permission are able to enumerate device names, disclosing the user's name. To resolve this issue, Firefox added a special case that renames devices containing the substring 'AirPods' to simply 'AirPods'.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2020-03-16 10:32:07 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1809421, 1809422, 1809423, 1809424, 1809425, 1809426, 1813109, 1813110, 1813111, 1813112, 1813113, 1813114 | ||
| Bug Blocks: | 1809419 | ||
|
Description
msiddiqu
2020-03-10 18:43:38 UTC
Acknowledgments: Name: the Mozilla project Upstream: Jan-Ivar Bruaroey This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:0815 https://access.redhat.com/errata/RHSA-2020:0815 This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2020:0816 https://access.redhat.com/errata/RHSA-2020:0816 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-6812 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions Via RHSA-2020:0819 https://access.redhat.com/errata/RHSA-2020:0819 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:0820 https://access.redhat.com/errata/RHSA-2020:0820 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:0905 https://access.redhat.com/errata/RHSA-2020:0905 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions Via RHSA-2020:0918 https://access.redhat.com/errata/RHSA-2020:0918 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:0919 https://access.redhat.com/errata/RHSA-2020:0919 This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2020:0914 https://access.redhat.com/errata/RHSA-2020:0914 |