Impact
The vulnerability originates from the way Avira Password Manager handles autofill data when a page is loaded in Mozilla Firefox and the page contains cross‑origin iframes. The autofill mechanism incorrectly selects credentials for the parent page’s fields instead of scoping them to the iframe that injected them. As a result, a remote attacker controlling content in the cross‑origin iframe can have the victim’s stored username and password automatically entered into fields on the parent page, exposing those credentials to the attacker. This is an information‑disclosure flaw that compromises the confidentiality of stored credentials.
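The scoping rule at issue can be shown with a small model. This is an added example, not Avira's code and not part of the original advisory; the frame objects, vault layout, function names and example.* origins are all constructed assumptions. It contrasts a lookup keyed on the top-level page with a decision keyed on the requesting frame's own origin.

```javascript
// Constructed vault entry and frame tree (hypothetical data, not from the advisory).
const vault = [
  { origin: "https://bank.example", username: "alice", password: "constructed-secret" },
];
const topPage = { url: "https://bank.example/login", parent: null };
const adFrame = { url: "https://ads.example/widget.html", parent: topPage };
const blankFrame = { url: "about:blank", parent: topPage };

// URL.origin is the string "null" for schemes without a tuple origin
// (about:, data:). This model conservatively treats those as opaque.
function originOf(frame) {
  const origin = new URL(frame.url).origin;
  return origin === "null" ? null : origin;
}

function topOf(frame) {
  while (frame.parent) frame = frame.parent;
  return frame;
}

// Flawed pattern: the vault lookup uses the top-level page's origin,
// regardless of which frame triggered the autofill request.
function selectFlawed(requestingFrame) {
  const origin = originOf(topOf(requestingFrame));
  return vault.filter((c) => c.origin === origin);
}

// Scoped pattern: fill only fields inside the requesting frame, and match
// credentials on that frame's own origin.
function decideFill(requestingFrame, targetFrame) {
  const deny = (reason) => ({ fill: false, reason, credentials: [] });
  if (requestingFrame !== targetFrame) return deny("target-outside-requesting-frame");
  const origin = originOf(requestingFrame);
  if (origin === null) return deny("opaque-origin");
  const credentials = vault.filter((c) => c.origin === origin);
  if (credentials.length === 0) return deny("no-credentials-for-origin");
  return { fill: true, reason: "origin-match", credentials };
}

console.log("flawed, request from iframe:", selectFlawed(adFrame).length, "credential(s) selected");
console.log("scoped, iframe -> own field:", decideFill(adFrame, adFrame).reason);
console.log("scoped, iframe -> parent field:", decideFill(adFrame, topPage).reason);
console.log("scoped, top page -> own field:", decideFill(topPage, topPage).reason);
```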
Affected Systems
The flaw affects products from Gen Digital, specifically Avira Password Manager, on Windows, macOS, and Linux when used with Firefox. No specific patch or update is available at the time of this report.
Risk and Exploitability
The CVSS score of 7.4 indicates a high‑severity vulnerability. The EPSS score is not available and the issue is not in the CISA KEV catalog, suggesting that while exploitation is feasible, it is not known to be widely exploited in the wild. A likely exploitation scenario would involve a malicious website embedding a cross‑origin iframe that, when loaded in Firefox, triggers the password manager’s auto‑fill and leaks the parent page’s credentials. The risk to a user depends on whether the victim’s browsing session includes trusted web pages that could contain embedded iframes. Because the attack requires only the presence of an iframe on a page visited by the user, the potential for exploitation is non‑negligible in environments without proper controls.