← back
CVE-2026-12068

Avira Password Manager credential disclosure via cross-origin autofill in Firefox

CVSS 7.4 HIGHEPSS 0.3%CWE-669
Information disclosure vulnerability in Avira Password Manager when used with Mozilla Firefox may allow a remote attacker operating a cross-origin iframe to obtain credentials autofilled for the parent web page via incorrect autofill field selection. This issue affects Avira Password Manager when used with Mozilla Firefox on Windows, macOS, and Linux.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
Affected products
Gen Digital · Avira Password Manager

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.gendigital.com/us/en/contact-us/security-advisories/