Incomplete Blacklist of Frame Owning Elements: CVE-2018-15669 Incomplete Blacklist of Frame Owning Elements: CVE-2018-15669

Home  |  Research  |  Resources  |  Advisories  |  Airmail 3 for Mac

Airmail 3 for Mac

Incomplete Blacklist of Frame Owning Elements

CVE ID

CVE-2018-15669

VENDOR

Bloop S.R.L.

PRODUCT

Airmail 3 for Mac

Product version

3.5.9

Vulnerability Details

Airmail's primary WebView instance implements "webView:decidePolicyForNavigationAction:request:frame:decisionListener:" such that requests from HTMLIFrameElements are blacklisted. However, other sub-classes of HTMLFrameOwnerElements are not forbidden by the policy. An attacker may abuse HTML Plug-In Elements within an email to trigger Frame navigation requests that bypass this filter.

Vendor response

No response.

Disclosure timeline

08-06-2018 - Vendor disclosure via email
08-13-2018 - Vendor notified via Support Page
08-21-2018 - Vendor notified of the advisory release

Offensive Minded Security Exploit Development

We are an international squad of professionals working as one.

logos