Bug 1812204 (CVE-2020-6812) - CVE-2020-6812 Mozilla: The names of AirPods with personally identifiable information were exposed to websites with camera or microphone permission
Summary: CVE-2020-6812 Mozilla: The names of AirPods with personally identifiable info...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2020-6812
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1809421 1809422 1809423 1809424 1809425 1809426 1813109 1813110 1813111 1813112 1813113 1813114
Blocks: 1809419
TreeView+ depends on / blocked
 
Reported: 2020-03-10 18:43 UTC by msiddiqu
Modified: 2021-02-16 20:29 UTC (History)
5 users (show)

Fixed In Version: firefox 68.6, thunderbird 68.6
Doc Type: If docs needed, set a value
Doc Text:
The Mozilla Foundation Security Advisory describes this flaw as: The first time AirPods are connected to an iPhone, they become named after the user's name by default (e.g. Jane Doe's AirPods.) Websites with camera or microphone permission are able to enumerate device names, disclosing the user's name. To resolve this issue, Firefox added a special case that renames devices containing the substring 'AirPods' to simply 'AirPods'.
Clone Of:
Environment:
Last Closed: 2020-03-16 10:32:07 UTC


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2020:0815 0 None None None 2020-03-16 09:16:16 UTC
Red Hat Product Errata RHSA-2020:0816 0 None None None 2020-03-16 09:46:49 UTC
Red Hat Product Errata RHSA-2020:0819 0 None None None 2020-03-16 10:45:40 UTC
Red Hat Product Errata RHSA-2020:0820 0 None None None 2020-03-16 13:38:38 UTC
Red Hat Product Errata RHSA-2020:0905 0 None None None 2020-03-19 11:49:34 UTC
Red Hat Product Errata RHSA-2020:0914 0 None None None 2020-03-23 08:48:50 UTC
Red Hat Product Errata RHSA-2020:0918 0 None None None 2020-03-23 08:30:55 UTC
Red Hat Product Errata RHSA-2020:0919 0 None None None 2020-03-23 08:39:25 UTC

Description msiddiqu 2020-03-10 18:43:38 UTC
The first time AirPods are connected to an iPhone, they become named after the user's name by default (e.g. Jane Doe's AirPods.)  Websites with camera or microphone permission are able to enumerate device names, disclosing the user's name. To resolve this issue, Firefox added a special case that renames devices containing the substring 'AirPods' to simply 'AirPods'.



External Reference:

https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6812

Comment 1 msiddiqu 2020-03-10 18:43:42 UTC
Acknowledgments:

Name: the Mozilla project
Upstream: Jan-Ivar Bruaroey

Comment 2 errata-xmlrpc 2020-03-16 09:16:12 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2020:0815 https://access.redhat.com/errata/RHSA-2020:0815

Comment 3 errata-xmlrpc 2020-03-16 09:46:47 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2020:0816 https://access.redhat.com/errata/RHSA-2020:0816

Comment 4 Product Security DevOps Team 2020-03-16 10:32:07 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-6812

Comment 5 errata-xmlrpc 2020-03-16 10:45:38 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions

Via RHSA-2020:0819 https://access.redhat.com/errata/RHSA-2020:0819

Comment 6 errata-xmlrpc 2020-03-16 13:38:36 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:0820 https://access.redhat.com/errata/RHSA-2020:0820

Comment 7 errata-xmlrpc 2020-03-19 11:49:31 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2020:0905 https://access.redhat.com/errata/RHSA-2020:0905

Comment 8 errata-xmlrpc 2020-03-23 08:30:53 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions

Via RHSA-2020:0918 https://access.redhat.com/errata/RHSA-2020:0918

Comment 9 errata-xmlrpc 2020-03-23 08:39:18 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:0919 https://access.redhat.com/errata/RHSA-2020:0919

Comment 10 errata-xmlrpc 2020-03-23 08:48:45 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2020:0914 https://access.redhat.com/errata/RHSA-2020:0914


Note You need to log in before you can comment on or make changes to this bug.