CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-15669

An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Its primary WebView instance implements "webView:decidePolicyForNavigationAction:request:frame:decisionListener:" such that requests from HTMLIFrameElements are blacklisted. However, other sub-classes of HTMLFrameOwnerElements are not forbidden by the policy. An attacker may abuse HTML plug-in elements within an email to trigger frame navigation requests that bypass this filter.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 46.7%

CVSS Severity

CVSS v3 Score 5.3

CVSS v2 Score 5.0

References

https://versprite.com/advisories/airmail-3-for-mac-3/
https://versprite.com/advisories/airmail-3-for-mac-3/

Products affected by CVE-2018-15669

Bloop » Airmail 3 » Version: 3.5.9

cpe:2.3:a:bloop:airmail_3:3.5.9

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-15669

Products

Pricing

Contact Us