An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Its primary WebView instance implements "webView:decidePolicyForNavigationAction:request:frame:decisionListener:" such that requests from HTMLIFrameElements are blacklisted. However, other sub-classes of HTMLFrameOwnerElements are not forbidden by the policy. An attacker may abuse HTML plug-in elements within an email to trigger frame navigation requests that bypass this filter.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2018-08-21T23:00:00

Updated: 2024-08-05T10:01:54.529Z

Reserved: 2018-08-21T00:00:00

Link: CVE-2018-15669

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-08-21T23:29:00.473

Modified: 2024-11-21T03:51:14.763

Link: CVE-2018-15669

cve-icon Redhat

No data.