CVE-2018-15669

CVE-2018-15669

An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Its primary WebView instance implements "webView:decidePolicyForNavigationAction:request:frame:decisionListener:" such that requests from HTMLIFrameElements are blacklisted. However, other sub-classes of HTMLFrameOwnerElements are not forbidden by the policy. An attacker may abuse HTML plug-in elements within an email to trigger frame navigation requests that bypass this filter.

Source: CVE-2018-15669

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다