Avira Password Manager credential disclosure via cross-origin autofill in Firefox

7.4 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

Description

Information disclosure vulnerability in Avira Password Manager when used with Mozilla Firefox may allow a remote attacker operating a cross-origin iframe to obtain credentials autofilled for the parent web page via incorrect autofill field selection.

This issue affects Avira Password Manager when used with Mozilla Firefox on Windows, macOS, and Linux.

Basic Information

ID CVE-2026-12068

Source GEN

Published Jun 12, 2026 at 22:19

Affected Product

Vendor Gen Digital

Product Avira Password Manager

Version *

Affected Versions Gen Digital Avira Password Manager *

CWE Classification

CWE-669

References

www.gendigital.com /us/en/contact-us/security-advisories/

{
    "lastseen": "",
    "description": "Information disclosure vulnerability in Avira Password Manager when used with Mozilla Firefox may allow a remote attacker operating a cross-origin iframe to obtain credentials autofilled for the parent web page via incorrect autofill field selection.\n\nThis issue affects Avira Password Manager when used with Mozilla Firefox on Windows, macOS, and Linux.",
    "published": "2026-06-12T22:19:18.986Z",
    "modified": "2026-06-12T22:19:18.986Z",
    "type": "cve",
    "title": "Avira Password Manager credential disclosure via cross-origin autofill in Firefox",
    "source": "GEN",
    "references": "https://www.gendigital.com/us/en/contact-us/security-advisories/",
    "id": "CVE-2026-12068",
    "bulletinFamily": "",
    "cwe": [
        "CWE-669"
    ],
    "cvelist": null,
    "sourceData": "Gen Digital Avira Password Manager *",
    "sourceHref": "",
    "cvss": {
        "score": 7.4,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Avira Password Manager",
    "version": "*",
    "vendor": "Gen Digital",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Avira Password Manager credential disclosure via cross-origin autofill in Firefox_CVE-2026-12068