Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2026-12068
PUBLISHED
More InfoOfficial Page
Assigner-GEN
Assigner Org ID-dbd8429d-f261-4b1e-94cc-ae3132817e2e
View Known Exploited Vulnerability (KEV) details
Published At-12 Jun, 2026 | 22:19
Updated At-12 Jun, 2026 | 22:19
Rejected At-
▼CVE Numbering Authority (CNA)
Avira Password Manager credential disclosure via cross-origin autofill in Firefox

Information disclosure vulnerability in Avira Password Manager when used with Mozilla Firefox may allow a remote attacker operating a cross-origin iframe to obtain credentials autofilled for the parent web page via incorrect autofill field selection. This issue affects Avira Password Manager when used with Mozilla Firefox on Windows, macOS, and Linux.

Affected Products
Vendor
Gen Digital
Product
Avira Password Manager
Platforms
  • Firefox
  • Windows
  • macOS
  • Linux
Default Status
affected
Versions
Affected
  • *
Problem Types
TypeCWE IDDescription
CWECWE-669CWE-669 Incorrect Resource Transfer Between Contexts
Type: CWE
CWE ID: CWE-669
Description: CWE-669 Incorrect Resource Transfer Between Contexts
Metrics
VersionBase scoreBase severityVector
3.17.4HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
Version: 3.1
Base score: 7.4
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-116CAPEC-116 Excavation
CAPEC ID: CAPEC-116
Description: CAPEC-116 Excavation
Solutions

Avoid triggering Avira Password Manager autofill on web pages that embed cross-origin iframes (for example advertisement frames) when using Firefox. No software update is currently planned.

Configurations
Workarounds
Exploits
Credits
reporter
Riccardo, an independent security researcher at TU Wien
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.gendigital.com/us/en/contact-us/security-advisories/
N/A
Hyperlink: https://www.gendigital.com/us/en/contact-us/security-advisories/
Resource: N/A
Details not found