{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-12068", "assignerOrgId": "dbd8429d-f261-4b1e-94cc-ae3132817e2e", "state": "PUBLISHED", "assignerShortName": "GEN", "dateReserved": "2026-06-12T09:09:57.930Z", "datePublished": "2026-06-12T22:19:18.986Z", "dateUpdated": "2026-06-15T16:01:19.318Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "dbd8429d-f261-4b1e-94cc-ae3132817e2e", "shortName": "GEN", "dateUpdated": "2026-06-12T22:19:18.986Z"}, "title": "Avira Password Manager credential disclosure via cross-origin autofill in Firefox", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-669", "description": "CWE-669 Incorrect Resource Transfer Between Contexts", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-116", "descriptions": [{"lang": "en", "value": "CAPEC-116 Excavation"}]}], "affected": [{"vendor": "Gen Digital", "product": "Avira Password Manager", "platforms": ["Firefox", "Windows", "macOS", "Linux"], "versions": [{"status": "affected", "version": "*"}], "defaultStatus": "affected"}], "descriptions": [{"lang": "en", "value": "Information disclosure vulnerability in Avira Password Manager when used with Mozilla Firefox may allow a remote attacker operating a cross-origin iframe to obtain credentials autofilled for the parent web page via incorrect autofill field selection.\n\nThis issue affects Avira Password Manager when used with Mozilla Firefox on Windows, macOS, and Linux.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Information disclosure vulnerability in Avira Password Manager when used with Mozilla Firefox may allow a remote attacker operating a cross-origin iframe to obtain credentials autofilled for the parent web page via incorrect autofill field selection.<p>This issue affects Avira Password Manager when used with Mozilla Firefox on Windows, macOS, and Linux.</p>"}]}], "references": [{"url": "https://www.gendigital.com/us/en/contact-us/security-advisories/"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseSeverity": "HIGH", "baseScore": 7.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N"}}], "solutions": [{"lang": "en", "value": "Avoid triggering Avira Password Manager autofill on web pages that embed cross-origin iframes (for example advertisement frames) when using Firefox. No software update is currently planned.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Avoid triggering Avira Password Manager autofill on web pages that embed cross-origin iframes (for example advertisement frames) when using Firefox. <strong>No software update is currently planned.</strong>"}]}], "credits": [{"lang": "en", "value": "Riccardo, an independent security researcher at TU Wien", "type": "reporter"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 1.0.2"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-06-15T16:01:07.717925Z", "id": "CVE-2026-12068", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-15T16:01:19.318Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-12068", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-06-15T16:01:07.717925Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-15T16:01:14.208Z"}}], "cna": {"title": "Avira Password Manager credential disclosure via cross-origin autofill in Firefox", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "reporter", "value": "Riccardo, an independent security researcher at TU Wien"}], "impacts": [{"capecId": "CAPEC-116", "descriptions": [{"lang": "en", "value": "CAPEC-116 Excavation"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.4, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Gen Digital", "product": "Avira Password Manager", "versions": [{"status": "affected", "version": "*"}], "platforms": ["Firefox", "Windows", "macOS", "Linux"], "defaultStatus": "affected"}], "solutions": [{"lang": "en", "value": "Avoid triggering Avira Password Manager autofill on web pages that embed cross-origin iframes (for example advertisement frames) when using Firefox. No software update is currently planned.", "supportingMedia": [{"type": "text/html", "value": "Avoid triggering Avira Password Manager autofill on web pages that embed cross-origin iframes (for example advertisement frames) when using Firefox. <strong>No software update is currently planned.</strong>", "base64": false}]}], "references": [{"url": "https://www.gendigital.com/us/en/contact-us/security-advisories/"}], "x_generator": {"engine": "Vulnogram 1.0.2"}, "descriptions": [{"lang": "en", "value": "Information disclosure vulnerability in Avira Password Manager when used with Mozilla Firefox may allow a remote attacker operating a cross-origin iframe to obtain credentials autofilled for the parent web page via incorrect autofill field selection.\n\nThis issue affects Avira Password Manager when used with Mozilla Firefox on Windows, macOS, and Linux.", "supportingMedia": [{"type": "text/html", "value": "Information disclosure vulnerability in Avira Password Manager when used with Mozilla Firefox may allow a remote attacker operating a cross-origin iframe to obtain credentials autofilled for the parent web page via incorrect autofill field selection.<p>This issue affects Avira Password Manager when used with Mozilla Firefox on Windows, macOS, and Linux.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-669", "description": "CWE-669 Incorrect Resource Transfer Between Contexts"}]}], "providerMetadata": {"orgId": "dbd8429d-f261-4b1e-94cc-ae3132817e2e", "shortName": "GEN", "dateUpdated": "2026-06-12T22:19:18.986Z"}}}, "cveMetadata": {"cveId": "CVE-2026-12068", "state": "PUBLISHED", "dateUpdated": "2026-06-15T16:01:19.318Z", "dateReserved": "2026-06-12T09:09:57.930Z", "assignerOrgId": "dbd8429d-f261-4b1e-94cc-ae3132817e2e", "datePublished": "2026-06-12T22:19:18.986Z", "assignerShortName": "GEN"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Information disclosure vulnerability in Avira Password Manager when used with Mozilla Firefox may allow a remote attacker operating a cross-origin iframe to obtain credentials autofilled for the parent web page via incorrect autofill field selection.\n\nThis issue affects Avira Password Manager when used with Mozilla Firefox on Windows, macOS, and Linux."}], "id": "CVE-2026-12068", "lastModified": "2026-06-15T20:49:19.213", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.0, "source": "security@nortonlifelock.com", "type": "Secondary"}]}, "published": "2026-06-12T23:16:33.553", "references": [{"source": "security@nortonlifelock.com", "url": "https://www.gendigital.com/us/en/contact-us/security-advisories/"}], "sourceIdentifier": "security@nortonlifelock.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-669"}], "source": "security@nortonlifelock.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": ["firefox", "windows", "macos", "linux"], "status": "affected", "versions": {"scheme": "generic", "value": "[0,*]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Avira Password Manager", "source": "cna", "vendor": "Gen Digital"}, "product": "avira_password_manager", "vendor": "gen_digital"}], "created": "2026-06-13T00:30:10.445861+00:00", "updated": "2026-06-13T12:29:15.434953+00:00", "vendors": ["gen_digital", "gen_digital$PRODUCT$avira_password_manager"]}