An issue exists in Bloop Airmail 3 3.5.9 for macOS. Its primary WebView instance implements "webView:decidePolicyForNavigationAction:request:frame:decisionListener:" such that requests from HTMLIFrameElements are blacklisted. However, other sub-classes of HTMLFrameOwnerElements are not forbidden by the policy. An attacker may abuse HTML plug-in elements within an email to trigger frame navigation requests that bypass this filter.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
bloop airmail 3 3.5.9 |