CVE-2022-28795

Published: Apr 12, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

A vulnerability within the Avira Password Manager Browser Extensions provided a potential loophole where, if a user visited a page crafted by an attacker, the discovered vulnerability could trigger the Password Manager Extension to fill in the password field automatically. An attacker could then access this information via JavaScript. The issue was fixed with the browser extensions version 2.18.5 for Chrome, MS Edge, Opera, Firefox, and Safari.

Vendor	Product	Versions
n/a	Avira Password Manager – Browser Extensions	affected `Avira Password Manager - extension for Chrome` affected `version 2.18.4.3868 Avira Password Manager - extension for MS Edge` affected `version 2.18.4.3847 Avira Password Manager - extension for Opera` affected `version 2.18.4.3847 Avira Password Manager - extension for Firefox` affected `version 2.18.4.38471 Avira Password Manager - extension for Safari` +1 more versions

References

https://support.norton.com/sp/static/external/tools/security-advisories.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-28795

Description

Affected Products

References