Описание
The first time AirPods are connected to an iPhone, they become named after the user's name by default (e.g. Jane Doe's AirPods.) Websites with camera or microphone permission are able to enumerate device names, disclosing the user's name. To resolve this issue, Firefox added a special case that renames devices containing the substring 'AirPods' to simply 'AirPods'. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6.
The Mozilla Foundation Security Advisory describes this flaw as:
The first time AirPods are connected to an iPhone, they become named after the user's name by default (e.g. Jane Doe's AirPods.) Websites with camera or microphone permission are able to enumerate device names, disclosing the user's name. To resolve this issue, Firefox added a special case that renames devices containing the substring 'AirPods' to simply 'AirPods'.
Затронутые пакеты
Платформа | Пакет | Состояние | Рекомендация | Релиз |
---|---|---|---|---|
Red Hat Enterprise Linux 5 | firefox | Out of support scope | ||
Red Hat Enterprise Linux 5 | thunderbird | Out of support scope | ||
Red Hat Enterprise Linux 6 | firefox | Fixed | RHSA-2020:0816 | 16.03.2020 |
Red Hat Enterprise Linux 6 | thunderbird | Fixed | RHSA-2020:0914 | 23.03.2020 |
Red Hat Enterprise Linux 7 | firefox | Fixed | RHSA-2020:0815 | 16.03.2020 |
Red Hat Enterprise Linux 7 | thunderbird | Fixed | RHSA-2020:0905 | 19.03.2020 |
Red Hat Enterprise Linux 8 | firefox | Fixed | RHSA-2020:0820 | 16.03.2020 |
Red Hat Enterprise Linux 8 | thunderbird | Fixed | RHSA-2020:0919 | 23.03.2020 |
Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions | firefox | Fixed | RHSA-2020:0819 | 16.03.2020 |
Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions | thunderbird | Fixed | RHSA-2020:0918 | 23.03.2020 |
Показывать по
Дополнительная информация
Статус:
EPSS
6.1 Medium
CVSS3
Связанные уязвимости
The first time AirPods are connected to an iPhone, they become named after the user's name by default (e.g. Jane Doe's AirPods.) Websites with camera or microphone permission are able to enumerate device names, disclosing the user's name. To resolve this issue, Firefox added a special case that renames devices containing the substring 'AirPods' to simply 'AirPods'. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6.
The first time AirPods are connected to an iPhone, they become named after the user's name by default (e.g. Jane Doe's AirPods.) Websites with camera or microphone permission are able to enumerate device names, disclosing the user's name. To resolve this issue, Firefox added a special case that renames devices containing the substring 'AirPods' to simply 'AirPods'. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6.
The first time AirPods are connected to an iPhone, they become named a ...
The first time AirPods are connected to an iPhone, they become named after the user's name by default (e.g. Jane Doe's AirPods.) Websites with camera or microphone permission are able to enumerate device names, disclosing the user's name. To resolve this issue, Firefox added a special case that renames devices containing the substring 'AirPods' to simply 'AirPods'. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6.
EPSS
6.1 Medium
CVSS3