CVE-2020-6812

EPSS 1.6%

Vexday Risk Score

3Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS —EPSS 1.6%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Ciclo de vida

25 mar 2020Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

The first time AirPods are connected to an iPhone, they become named after the user's name by default (e.g. Jane Doe's AirPods.) Websites with camera or microphone permission are able to enumerate device names, disclosing the user's name. To resolve this issue, Firefox added a special case that renames devices containing the substring 'AirPods' to simply 'AirPods'. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6.

Productos afectados

Mozilla · Firefox Mozilla · Firefox ESR Mozilla · Thunderbird

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://bugzilla.mozilla.org/show_bug.cgi?id=1616661 https://usn.ubuntu.com/4328-1/https://usn.ubuntu.com/4335-1/https://www.mozilla.org/security/advisories/mfsa2020-08/https://www.mozilla.org/security/advisories/mfsa2020-09/https://www.mozilla.org/security/advisories/mfsa2020-10/