Skip to main content

Avira Password Manager

1 CVEs product

Monthly

CVE-2026-12068 HIGH This Week

Cross-origin credential disclosure in Avira Password Manager's Firefox extension allows a malicious site embedding the targeted page in an iframe to harvest credentials that the extension autofills into the parent context. The flaw stems from incorrect autofill field selection and affects Windows, macOS, and Linux installations; no public exploit identified at time of analysis but the CVSS 7.4 (S:C/C:H) score reflects the cross-origin trust boundary violation.

Information Disclosure Apple Microsoft Mozilla Avira Password Manager
NVD VulDB
CVSS 3.1
7.4
EPSS
0.0%
EPSS 0% CVSS 7.4
HIGH This Week

Cross-origin credential disclosure in Avira Password Manager's Firefox extension allows a malicious site embedding the targeted page in an iframe to harvest credentials that the extension autofills into the parent context. The flaw stems from incorrect autofill field selection and affects Windows, macOS, and Linux installations; no public exploit identified at time of analysis but the CVSS 7.4 (S:C/C:H) score reflects the cross-origin trust boundary violation.

Information Disclosure Apple Microsoft +2
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy