Severity by source
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N (base score 7.4, High)
Network-delivered via a malicious page, no authentication needed, but requires user interaction to trigger autofill; the credential crosses an origin boundary (S:C) with confidentiality-only impact.
Primary rating from Vendor (GEN).
Description (CVE.org)
Information disclosure vulnerability in Avira Password Manager when used with Mozilla Firefox may allow a remote attacker operating a cross-origin iframe to obtain credentials autofilled for the parent web page via incorrect autofill field selection.
This issue affects Avira Password Manager when used with Mozilla Firefox on Windows, macOS, and Linux.
Analysis (AI-generated)
The Avira Password Manager Firefox extension selects autofill target fields incorrectly: when a page for which the user has saved credentials contains a cross-origin iframe, fields inside that iframe can receive the credentials that belong to the parent page. An attacker who controls such an embedded frame can therefore read credentials that should only ever be filled into the parent origin. The flaw affects Windows, macOS, and Linux installations; no public exploit was identified at the time of analysis, but the CVSS 7.4 (S:C/C:H) score reflects that a credential crosses an origin trust boundary.
Vulnerability Assessment (AI-generated)

| Aspect | Assessment |
|---|---|
| Exploitation | Requires (1) the victim to have Avira Password Manager installed in Firefox with credentials saved for the origin of the parent page, (2) a cross-origin iframe under the attacker's control to be loaded by that parent page (the CVE description places the attacker inside the iframe, not on the embedding page), and (3) user interaction with the page sufficient to trigger autofill (UI:R in the CVSS vector). Framing protections on the targeted site (X-Frame-Options: DENY, CSP frame-ancestors) do not help here, because the targeted site is the parent rather than the framed document; what matters is whether the parent page loads attacker-controllable cross-origin frames. … |
| Risk Assessment | The CVSS 3.1 vector AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N describes a serious confidentiality-only impact: network-reachable, low complexity, no privileges, but requiring user interaction (likely clicking or focusing a form) and producing a scope change because credentials cross an origin boundary. … |
| Exploit Scenario | An attacker gets a cross-origin iframe they control into a page for which the victim has saved credentials; the frame carries a hidden or visually disguised login-style form. When the user interacts with the page (UI:R), the extension's field selection picks the fields inside the attacker's frame and fills the parent page's credentials into them, and the attacker's script in that frame reads the values. No public exploit is identified at time of analysis, but the attack pattern is well-known from prior password manager iframe disclosure research. |
| Remediation | Patch available per vendor advisory - update Avira Password Manager to the version published in Gen Digital's security advisories at https://www.gendigital.com/us/en/contact-us/security-advisories/; an exact fixed version is not specified in the supplied data and should be confirmed against that advisory. … |
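The field-selection problem the assessment describes, as an added example that is not Avira's or Gen Digital's code: a minimal model of a password-manager extension choosing which fields to autofill, with an origin-blind selection (fills any password field the extension can see, keyed on the top-level origin) beside an origin-checked one (a field only receives the credential saved for the origin of the frame it lives in, and a frame embedded by a different origin is refused). The frame tree, the origins bank.example and attacker.example, the credential, and the function names are all constructed assumptions for the demo; a real extension learns a frame's origin from its own content script (window.location.origin, location.ancestorOrigins), not from a tree object.

```javascript
// Added example (not Avira's or Gen Digital's code): a minimal model of how
// a browser password-manager extension chooses which fields to autofill,
// showing an origin-blind field selection beside an origin-checked one.
// The frame tree, field list and credentials below are constructed for the
// demo; a real extension gets each frame's origin from its own content
// script (window.location.origin / location.ancestorOrigins).

// Yield every frame in the tree together with the origins of its ancestors,
// outermost first. The top-level document has no ancestors.
function* frames(frame, ancestors = []) {
  yield { frame, ancestors };
  for (const child of frame.children) {
    yield* frames(child, [...ancestors, frame.origin]);
  }
}

// Origin-blind selection (the pattern the CVE describes): pick the credential
// saved for the TOP-LEVEL page, then fill every password field visible in
// ANY frame, including cross-origin ones.
function autofillOriginBlind(page, credentials) {
  const cred = credentials.find((c) => c.origin === page.origin);
  if (!cred) return [];
  const filled = [];
  for (const { frame } of frames(page)) {
    for (const field of frame.fields) {
      if (field.type === 'password') {
        filled.push({ frameOrigin: frame.origin, fieldId: field.id, value: cred.password });
      }
    }
  }
  return filled;
}

// Origin-checked selection: a field may only receive the credential saved for
// the origin of the frame the field actually lives in, and that frame must
// not sit inside any cross-origin ancestor. The ancestor rule is stricter
// than the minimum fix needs; it also refuses the mirror case where an
// attacker page frames the victim's login page.
function autofillOriginChecked(page, credentials) {
  const filled = [];
  for (const { frame, ancestors } of frames(page)) {
    const cred = credentials.find((c) => c.origin === frame.origin);
    if (!cred) continue;                                      // nothing saved for this frame's origin
    if (ancestors.some((a) => a !== frame.origin)) continue;  // embedded by another origin: refuse
    for (const field of frame.fields) {
      if (field.type === 'password') {
        filled.push({ frameOrigin: frame.origin, fieldId: field.id, value: cred.password });
      }
    }
  }
  return filled;
}

// Constructed scenario from the CVE description: the victim's page (parent)
// contains a cross-origin iframe controlled by the attacker, which carries
// its own login-looking form.
const sampleCredentials = [
  { origin: 'https://bank.example', username: 'alice', password: 'correct-horse' },
];

const victimPageWithAttackerFrame = {
  origin: 'https://bank.example',
  fields: [{ id: 'user', type: 'text' }, { id: 'pass', type: 'password' }],
  children: [
    {
      origin: 'https://attacker.example',
      fields: [{ id: 'u', type: 'text' }, { id: 'p', type: 'password' }],
      children: [],
    },
  ],
};

// The mirror case (attacker page frames the victim's login page), which the
// ancestor check also refuses.
const attackerPageFramingVictim = {
  origin: 'https://attacker.example',
  fields: [],
  children: [
    {
      origin: 'https://bank.example',
      fields: [{ id: 'user', type: 'text' }, { id: 'pass', type: 'password' }],
      children: [],
    },
  ],
};

// Report which frame origins received the password under a given policy.
function originsFilled(policy, page) {
  return policy(page, sampleCredentials).map((f) => f.frameOrigin);
}

console.log('origin-blind  :', originsFilled(autofillOriginBlind, victimPageWithAttackerFrame));
console.log('origin-checked:', originsFilled(autofillOriginChecked, victimPageWithAttackerFrame));
console.log('framed victim :', originsFilled(autofillOriginChecked, attackerPageFramingVictim));
```

Under the origin-blind policy the password lands in both the parent's field and the attacker's frame; under the origin-checked policy only the parent's own field is filled, and the framed-victim layout is refused outright. Whether to refuse every cross-origin ancestor, or only to require that the filled frame's origin matches the credential, is a product decision; the first is the safer default for a credential that must never leave its origin.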
Recommended Action (AI-generated)
Within 24 hours: update Avira Password Manager, including the Firefox extension, to the fixed version published in Gen Digital's security advisory; where that cannot be done immediately, disable the extension in Firefox (or at least its autofill) until it is updated, since the disclosure is triggered by autofill into a cross-origin frame. …
References
EUVD-2026-36632
GHSA-h53c-vv76-w4w5