Home | Research | Resources | Advisories | Airmail 3 for Mac
Incomplete Blacklist of Frame Owning Elements
CVE ID
CVE-2018-15669
VENDOR
Bloop S.R.L.
PRODUCT
Airmail 3 for Mac
Product version
3.5.9
Vulnerability Details
Airmail's primary WebView instance implements "webView:decidePolicyForNavigationAction:request:frame:decisionListener:" such that requests from HTMLIFrameElements are blacklisted. However, other sub-classes of HTMLFrameOwnerElements are not forbidden by the policy. An attacker may abuse HTML Plug-In Elements within an email to trigger Frame navigation requests that bypass this filter.
Learn More →
Vendor response
No response.
Disclosure timeline
08-06-2018 - Vendor disclosure via email 08-13-2018 - Vendor notified via Support Page 08-21-2018 - Vendor notified of the advisory release