All intelligence
// vulnerability record
cached · NVD via COSMOS syncCVE-2026-12068
HIGHpublished 2026-06-12 23:16 UTC · 12 days ago · modified 2026-06-15 20:49 UTC
7.4
CVSS / 10
// description
Information disclosure vulnerability in Avira Password Manager when used with Mozilla Firefox may allow a remote attacker operating a cross-origin iframe to obtain credentials autofilled for the parent web page via incorrect autofill field selection. This issue affects Avira Password Manager when used with Mozilla Firefox on Windows, macOS, and Linux.
// cvss 3.1 vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
// weaknesses (CWE)
- CWE-669