Main Vulnerability Database Vulnerabilities #VU25857

#VU25857 Information disclosure in Mozilla Firefox and Firefox ESR - CVE-2020-6812

Published: March 10, 2020 / Updated: March 10, 2020

Vulnerability identifier: #VU25857

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2020-6812

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Mozilla Firefox
Firefox ESR

Software vendor:
Mozilla

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The first time AirPods are connected to an iPhone, they become named after the user's name by default (e.g. Jane Doe's AirPods.) Websites with camera or microphone permission are able to enumerate device names, disclosing the user's name.

Remediation

Install updates from vendor's website.

External links

https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/
https://bugzilla.mozilla.org/show_bug.cgi?id=1616661
https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/