{"containers": {"cna": {"affected": [{"product": "Thunderbird", "vendor": "Mozilla", "versions": [{"lessThan": "68.6", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Firefox", "vendor": "Mozilla", "versions": [{"lessThan": "74", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "ESR68.6", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Firefox ESR", "vendor": "Mozilla", "versions": [{"lessThan": "68.6", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "The first time AirPods are connected to an iPhone, they become named after the user's name by default (e.g. Jane Doe's AirPods.) Websites with camera or microphone permission are able to enumerate device names, disclosing the user's name. To resolve this issue, Firefox added a special case that renames devices containing the substring 'AirPods' to simply 'AirPods'. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6."}], "problemTypes": [{"descriptions": [{"description": "The names of AirPods with personally identifiable information were exposed to websites with camera or microphone permission", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-04-29T02:06:54", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-08/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-10/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-09/"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1616661"}, {"name": "USN-4328-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4328-1/"}, {"name": "USN-4335-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4335-1/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@mozilla.org", "ID": "CVE-2020-6812", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Thunderbird", "version": {"version_data": [{"version_affected": "<", "version_value": "68.6"}]}}, {"product_name": "Firefox", "version": {"version_data": [{"version_affected": "<", "version_value": "74"}, {"version_affected": "<", "version_value": "ESR68.6"}]}}, {"product_name": "Firefox ESR", "version": {"version_data": [{"version_affected": "<", "version_value": "68.6"}]}}]}, "vendor_name": "Mozilla"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The first time AirPods are connected to an iPhone, they become named after the user's name by default (e.g. Jane Doe's AirPods.) Websites with camera or microphone permission are able to enumerate device names, disclosing the user's name. To resolve this issue, Firefox added a special case that renames devices containing the substring 'AirPods' to simply 'AirPods'. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "The names of AirPods with personally identifiable information were exposed to websites with camera or microphone permission"}]}]}, "references": {"reference_data": [{"name": "https://www.mozilla.org/security/advisories/mfsa2020-08/", "refsource": "MISC", "url": "https://www.mozilla.org/security/advisories/mfsa2020-08/"}, {"name": "https://www.mozilla.org/security/advisories/mfsa2020-10/", "refsource": "MISC", "url": "https://www.mozilla.org/security/advisories/mfsa2020-10/"}, {"name": "https://www.mozilla.org/security/advisories/mfsa2020-09/", "refsource": "MISC", "url": "https://www.mozilla.org/security/advisories/mfsa2020-09/"}, {"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1616661", "refsource": "MISC", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1616661"}, {"name": "USN-4328-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4328-1/"}, {"name": "USN-4335-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4335-1/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T09:11:05.033Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-08/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-10/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-09/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1616661"}, {"name": "USN-4328-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4328-1/"}, {"name": "USN-4335-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4335-1/"}]}]}, "cveMetadata": {"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2020-6812", "datePublished": "2020-03-25T21:12:19", "dateReserved": "2020-01-10T00:00:00", "dateUpdated": "2024-08-04T09:11:05.033Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "9AC2847A-B7E3-4002-8236-F908BBF7272A", "versionEndExcluding": "74.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", "matchCriteriaId": "871F8DB5-A145-4DE5-8FE1-D6E985405702", "versionEndExcluding": "68.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "matchCriteriaId": "307B69F7-FC78-4A8A-8395-CEC8AF21C56A", "versionEndExcluding": "68.6.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", "matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The first time AirPods are connected to an iPhone, they become named after the user's name by default (e.g. Jane Doe's AirPods.) Websites with camera or microphone permission are able to enumerate device names, disclosing the user's name. To resolve this issue, Firefox added a special case that renames devices containing the substring 'AirPods' to simply 'AirPods'. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6."}, {"lang": "es", "value": "La primera vez que los AirPods se conectaron a un iPhone, se ven\u00edan nombrando con el nombre del usuario por defecto (por ejemplo, los AirPods de Jane Doe). Los sitios web con permiso de c\u00e1mara o micr\u00f3fono pueden enumerar los nombres de los dispositivos, revelando el nombre del usuario. Para resolver este problema, Firefox agreg\u00f3 un caso especial que renombra los dispositivos que contienen la subcadena \"AirPods\" a simplemente \"AirPods\". Esta vulnerabilidad afecta a Thunderbird versiones anteriores a 68.6, Firefox versiones anteriores a 74, Firefox versiones anteriores a ESR68.6 y Firefox ESR versiones anteriores a 68.6."}], "id": "CVE-2020-6812", "lastModified": "2023-02-23T02:23:27.273", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-03-25T22:15:12.873", "references": [{"source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required", "Vendor Advisory"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1616661"}, {"source": "security@mozilla.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4328-1/"}, {"source": "security@mozilla.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4335-1/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-08/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-09/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-10/"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Jan-Ivar Bruaroey as the original reporter.", "affected_release": [{"advisory": "RHSA-2020:0816", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "firefox-0:68.6.0-1.el6_10", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2020-03-16T00:00:00Z"}, {"advisory": "RHSA-2020:0914", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "thunderbird-0:68.6.0-1.el6_10", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2020-03-23T00:00:00Z"}, {"advisory": "RHSA-2020:0815", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "firefox-0:68.6.0-1.el7_7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2020-03-16T00:00:00Z"}, {"advisory": "RHSA-2020:0905", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "thunderbird-0:68.6.0-1.el7_7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2020-03-19T00:00:00Z"}, {"advisory": "RHSA-2020:0820", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "firefox-0:68.6.0-1.el8_1", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-03-16T00:00:00Z"}, {"advisory": "RHSA-2020:0919", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "thunderbird-0:68.6.0-1.el8_1", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-03-23T00:00:00Z"}, {"advisory": "RHSA-2020:0819", "cpe": "cpe:/a:redhat:rhel_e4s:8.0", "package": "firefox-0:68.6.0-1.el8_0", "product_name": "Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions", "release_date": "2020-03-16T00:00:00Z"}, {"advisory": "RHSA-2020:0918", "cpe": "cpe:/a:redhat:rhel_e4s:8.0", "package": "thunderbird-0:68.6.0-1.el8_0", "product_name": "Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions", "release_date": "2020-03-23T00:00:00Z"}], "bugzilla": {"description": "Mozilla: The names of AirPods with personally identifiable information were exposed to websites with camera or microphone permission", "id": "1812204", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1812204"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.1", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "status": "verified"}, "cwe": "CWE-200", "details": ["The first time AirPods are connected to an iPhone, they become named after the user's name by default (e.g. Jane Doe's AirPods.) Websites with camera or microphone permission are able to enumerate device names, disclosing the user's name. To resolve this issue, Firefox added a special case that renames devices containing the substring 'AirPods' to simply 'AirPods'. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6.", "The Mozilla Foundation Security Advisory describes this flaw as:\nThe first time AirPods are connected to an iPhone, they become named after the user's name by default (e.g. Jane Doe's AirPods.) Websites with camera or microphone permission are able to enumerate device names, disclosing the user's name. To resolve this issue, Firefox added a special case that renames devices containing the substring 'AirPods' to simply 'AirPods'."], "name": "CVE-2020-6812", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Out of support scope", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Out of support scope", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 5"}], "public_date": "2020-03-10T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-6812\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-6812\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6812"], "threat_severity": "Moderate", "upstream_fix": "thunderbird 68.6, firefox 68.6"}