Norton Security Advisories


NLOKSA1506 Avira Password Manager-Browser Extensions vulnerable to Sensitive Data Leakage via Phishing
Advisory Status: CLOSED
Summary: NortonLifeLock has released an update to address an issue that was discovered in the Avira Password Manager Browser Extension.
Affected Products: Only the following software is affected:
  • "Avira Password Manager" - extension for Chrome; version 2.18.4.3868
  • "Avira Password Manager" - extension for MS Edge; version 2.18.4.3847
  • "Avira Password Manager" - extension for Opera; version 2.18.4.3847
  • "Avira Password Manager" - extension for Firefox; version 2.18.4.38471
  • "Avira Password Manager" - extension for Safari; version 2.18.4
Issues Mitigation

Upgrade the extensions to the following versions:

  • "Avira Password Manager" - extension for Chrome; version 2.18.5.3877
  • "Avira Password Manager" - extension for MS Edge; version 2.18.5.3877
  • "Avira Password Manager" - extension for Opera; version 2.18.5.3877
  • "Avira Password Manager" - extension for Firefox; version 2.18.5.38771
  • "Avira Password Manager" - extension for Safari; version 2.18.5 (3877)

Users who have not disabled auto-updates receive the updated versions automatically and do not need to take any action.
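
An added example, not part of the advisory or of Avira's code: a small Python audit that sorts extension inventory rows against the versions listed above. The (host, browser, version) row format, the lowercase browser keys and the sample rows are assumptions; treating any 2.18.5 build as fixed follows the advisory's statement that the issue was fixed with version 2.18.5.

```python
import re

# Affected builds and the fixed release, copied from the advisory text.
AFFECTED = {
    "chrome": (2, 18, 4, 3868),
    "edge": (2, 18, 4, 3847),
    "opera": (2, 18, 4, 3847),
    "firefox": (2, 18, 4, 38471),
    "safari": (2, 18, 4),  # listed without a build number
}
FIXED_RELEASE = (2, 18, 5)


def parse_version(text):
    """Turn '2.18.5.3877' or '2.18.5 (3877)' into a tuple of ints."""
    return tuple(int(n) for n in re.findall(r"\d+", text))


def classify(browser, version):
    """Return 'fixed', 'affected', 'outdated' or 'unknown' for one install."""
    listed = AFFECTED.get(browser.strip().lower())
    installed = parse_version(version)
    if listed is None or len(installed) < 3:
        return "unknown"  # browser not in the advisory, or unparsable version
    if installed[:3] >= FIXED_RELEASE:
        return "fixed"
    if installed[:len(listed)] == listed:
        return "affected"  # a build the advisory names
    return "outdated"  # older than 2.18.5, but not a build the advisory lists


def audit(inventory):
    """Return the rows that still need attention, with their status."""
    return [(host, browser, version, status)
            for host, browser, version in inventory
            if (status := classify(browser, version)) != "fixed"]


# Constructed inventory rows (hostnames and the 2.17.9 build are made up).
SAMPLE = [
    ("ws-01", "Chrome", "2.18.4.3868"),
    ("ws-02", "Firefox", "2.18.5.38771"),
    ("ws-03", "Safari", "2.18.5 (3877)"),
    ("ws-04", "Edge", "2.17.9.3000"),
    ("ws-05", "Brave", "2.18.4.3868"),
]

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Rows reported as "outdated" are below 2.18.5 without matching a build the advisory names, and "unknown" covers browsers or version strings the advisory does not address.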

Acknowledgements

Stiftung Warentest


CVE-2022-28795  
Severity/CVSSv3: Critical
Score: 9.6
Vector: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
References: https://nvd.nist.gov/vuln/detail/CVE-2022-28795
Impact: Sensitive Data Leakage
Description: A vulnerability within the Avira Password Manager Browser Extensions provided a potential loophole where, if a user visited a page crafted by an attacker, the discovered vulnerability could trigger the Password Manager Extension to fill in the password field automatically. An attacker could then access this information via JavaScript. The issue was fixed with the browser extensions version 2.18.5 for Chrome, MS Edge, Opera, Firefox, and Safari.
Additional Recommendations, if any: We encourage customers to ensure their security software, as well as their tech devices, is always updated to the latest version available. In addition, we encourage users to use two-factor authentication (2FA) as an additional layer of security.