CVE-2026-12068
7.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
Summary
Information disclosure vulnerability in Avira Password Manager when used with Mozilla Firefox may allow a remote attacker operating a cross-origin iframe to obtain credentials autofilled for the parent web page via incorrect autofill field selection.
This issue affects Avira Password Manager when used with Mozilla Firefox on Windows, macOS, and Linux.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Gen Digital | Avira Password Manager | * | affected |
Weaknesses
- CWE-669: CWE-669 Incorrect Resource Transfer Between Contexts
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.