{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-12068","assignerOrgId":"dbd8429d-f261-4b1e-94cc-ae3132817e2e","state":"PUBLISHED","assignerShortName":"GEN","dateReserved":"2026-06-12T09:09:57.930Z","datePublished":"2026-06-12T22:19:18.986Z","dateUpdated":"2026-06-15T16:01:19.318Z"},"containers":{"cna":{"providerMetadata":{"orgId":"dbd8429d-f261-4b1e-94cc-ae3132817e2e","shortName":"GEN","dateUpdated":"2026-06-12T22:19:18.986Z"},"title":"Avira Password Manager credential disclosure via cross-origin autofill in Firefox","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-669","description":"CWE-669 Incorrect Resource Transfer Between Contexts","type":"CWE"}]}],"impacts":[{"capecId":"CAPEC-116","descriptions":[{"lang":"en","value":"CAPEC-116 Excavation"}]}],"affected":[{"vendor":"Gen Digital","product":"Avira Password Manager","platforms":["Firefox","Windows","macOS","Linux"],"versions":[{"status":"affected","version":"*"}],"defaultStatus":"affected"}],"descriptions":[{"lang":"en","value":"Information disclosure vulnerability in Avira Password Manager when used with Mozilla Firefox may allow a remote attacker operating a cross-origin iframe to obtain credentials autofilled for the parent web page via incorrect autofill field selection.\n\nThis issue affects Avira Password Manager when used with Mozilla Firefox on Windows, macOS, and Linux.","supportingMedia":[{"type":"text/html","base64":false,"value":"Information disclosure vulnerability in Avira Password Manager when used with Mozilla Firefox may allow a remote attacker operating a cross-origin iframe to obtain credentials autofilled for the parent web page via incorrect autofill field selection.<p>This issue affects Avira Password Manager when used with Mozilla Firefox on Windows, macOS, and Linux.</p>"}]}],"references":[{"url":"https://www.gendigital.com/us/en/contact-us/security-advisories/"}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV3_1":{"version":"3.1","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseSeverity":"HIGH","baseScore":7.4,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N"}}],"solutions":[{"lang":"en","value":"Avoid triggering Avira Password Manager autofill on web pages that embed cross-origin iframes (for example advertisement frames) when using Firefox. No software update is currently planned.","supportingMedia":[{"type":"text/html","base64":false,"value":"Avoid triggering Avira Password Manager autofill on web pages that embed cross-origin iframes (for example advertisement frames) when using Firefox. <strong>No software update is currently planned.</strong>"}]}],"credits":[{"lang":"en","value":"Riccardo, an independent security researcher at TU Wien","type":"reporter"}],"source":{"discovery":"EXTERNAL"},"x_generator":{"engine":"Vulnogram 1.0.2"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-06-15T16:01:07.717925Z","id":"CVE-2026-12068","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-06-15T16:01:19.318Z"}}]}}