Vulnerabilities > CVE-2018-15669 - Unspecified vulnerability in Bloop Airmail 3 3.5.9

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

NONE

network

low complexity

bloop

NVD

Published: 2018-08-21

Updated: 2024-11-21

Summary

An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Its primary WebView instance implements "webView:decidePolicyForNavigationAction:request:frame:decisionListener:" such that requests from HTMLIFrameElements are blacklisted. However, other sub-classes of HTMLFrameOwnerElements are not forbidden by the policy. An attacker may abuse HTML plug-in elements within an email to trigger frame navigation requests that bypass this filter.

Vulnerable Configurations

Part	Description	Count
Application	Bloop Bloop Airmail 3 3.5.9	1

References

https://versprite.com/advisories/airmail-3-for-mac-3/
https://versprite.com/advisories/airmail-3-for-mac-3/