Main Vulnerability Database Vulnerabilities #VU25857

Information disclosure in Mozilla Firefox and Firefox ESR - CVE-2020-6812

Published: March 10, 2020 / Updated: March 10, 2020

Vulnerability identifier: #VU25857

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2020-6812

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Mozilla

Affected software:
Mozilla Firefox
Firefox ESR

Detailed vulnerability description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The first time AirPods are connected to an iPhone, they become named after the user's name by default (e.g. Jane Doe's AirPods.) Websites with camera or microphone permission are able to enumerate device names, disclosing the user's name.

How to mitigate CVE-2020-6812

Install updates from vendor's website.

Sources

https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/
https://bugzilla.mozilla.org/show_bug.cgi?id=1616661
https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/

Information disclosure in Mozilla Firefox and Firefox ESR - CVE-2020-6812

Detailed vulnerability description

How to mitigate CVE-2020-6812

Sources

Please verify you're human