Home | Research | Resources | Advisories | Airmail 3 for Mac
EventHandler Race Condition
CVE ID
CVE-2018-15670
VENDOR
Bloop S.R.L.
PRODUCT
Airmail 3 for Mac
Product version
3.5.9
Vulnerability Details
Airmail's primary WebView instance implements "webView:decidePolicyForNavigationAction:request:frame:decisionListener:" such that "OpenURL" is the default URL handler. A navigation request is processed by the default URL handler only if the "currentEvent" is "NX_LMOUSEUP" or "NX_OMOUSEUP". An attacker may abuse HTML Elements with an EventHandler for a chance to validate navigation requests for URLs that are processed during the "NX_LMOUSEUP" event triggered by clicking an email.
Learn More →
Vendor response
No response.
Disclosure timeline
08-06-2018 - Vendor disclosure via email 08-13-2018 - Vendor notified via Support Page 08-21-2018 - Vendor notified of the advisory release