CVE-2018-15669

An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Its primary WebView instance implements "webView:decidePolicyForNavigationAction:request:frame:decisionListener:" such that requests from HTMLIFrameElements are blacklisted. However, other sub-classes of HTMLFrameOwnerElements are not forbidden by the policy. An attacker may abuse HTML plug-in elements within an email to trigger frame navigation requests that bypass this filter.
References
Link Resource
https://versprite.com/advisories/airmail-3-for-mac-3/ Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:bloop:airmail_3:3.5.9:*:*:*:*:macos:*:*

Information

Published : 2018-08-21 23:29

Updated : 2020-05-04 13:43


NVD link : CVE-2018-15669

Mitre link : CVE-2018-15669


JSON object : View

Products Affected

bloop

  • airmail_3