CVE-2026-12068

Summary

Information disclosure vulnerability in Avira Password Manager when used with Mozilla Firefox may allow a remote attacker operating a cross-origin iframe to obtain credentials autofilled for the parent web page via incorrect autofill field selection.

This issue affects Avira Password Manager when used with Mozilla Firefox on Windows, macOS, and Linux.

Affected Software

VendorProductVersion RangeStatus
Gen DigitalAvira Password Manager*affected

Weaknesses

  • CWE-669: CWE-669 Incorrect Resource Transfer Between Contexts

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References