Airmail 3 for Mac
Incomplete Blacklist of Frame Owning Elements
CVE ID
Vendor
Bloop S.R.L.
Product
Airmail 3 for Mac
Product Version
3.5.9
Vulnerability Details
Airmail’s primary WebView instance implements "webView:decidePolicyForNavigationAction:request:frame:decisionListener:" such that requests from HTMLIFrameElements are blacklisted. However, other sub-classes of HTMLFrameOwnerElement are not forbidden by the policy. An attacker may abuse HTML Plug-In Elements within an email to trigger Frame navigation requests that bypass this filter.
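The following is an added example, not Airmail's code and not part of the original advisory: a legacy WebKit policy delegate that decides on the frame's position in the frame tree instead of on the class of the owning element, so every kind of frame owner is covered. The class name MailPolicyDelegate and the expectingMessageLoad flag are hypothetical, and the example assumes the application sets that flag immediately before it loads a message into the main frame.

```objective-c
#import <WebKit/WebKit.h>

// Hypothetical delegate for a WebView that renders untrusted email HTML.
@interface MailPolicyDelegate : NSObject <WebPolicyDelegate>
// Assumption: the app sets this to YES right before loading a message body.
@property (nonatomic) BOOL expectingMessageLoad;
@end

@implementation MailPolicyDelegate

- (void)webView:(WebView *)webView
decidePolicyForNavigationAction:(NSDictionary *)actionInformation
        request:(NSURLRequest *)request
          frame:(WebFrame *)frame
decisionListener:(id<WebPolicyDecisionListener>)listener
{
    // Weak pattern of the kind the advisory describes: deny only when the
    // owning element is an iframe, for example
    //   [frame.frameElement isKindOfClass:[DOMHTMLIFrameElement class]]
    // A frame owned by any other HTMLFrameOwnerElement subclass does not
    // match that test and its navigation is allowed.

    // Hardened: any frame that is not the main frame is refused, whatever
    // element owns it. No list of element classes has to be kept complete.
    if (frame != [webView mainFrame]) {
        [listener ignore];
        return;
    }

    // Main frame: allow exactly one navigation, the message load that the
    // application itself started, and consume the flag so that later
    // navigations (link clicks, script-initiated loads) are refused.
    NSNumber *type = actionInformation[WebActionNavigationTypeKey];
    if (self.expectingMessageLoad &&
        type.integerValue == WebNavigationTypeOther) {
        self.expectingMessageLoad = NO;
        [listener use];
        return;
    }

    // Everything else fails closed. An application could hand a clicked
    // link to the default browser here instead of loading it in place.
    [listener ignore];
}

@end
```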
Vendor Response
No response.
Disclosure Timeline
- Vendor disclosure via email
- Vendor notified via Support Page
- Vendor notified of the advisory release