Search criteria
6 vulnerabilities found for airmail_3 by bloop
FKIE_CVE-2018-15668
Vulnerability from fkie_nvd - Published: 2018-08-21 23:29 - Updated: 2024-11-21 03:51
Severity ?
Summary
An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. The "send" command in the airmail:// URL scheme allows an external application to send arbitrary emails from an active account. URL parameters for the "send" command with the "attachment_" prefix designate attachment parameters. If the value of an attachment parameter corresponds to an accessible file path, the file is attached to the outbound message. In addition, relative file paths are acceptable attachment parameter values. The handler can be invoked using any method that invokes the URL handler such as a hyperlink in an email. The user is not prompted when the handler processes the "send" command, thus leading to automatic transmission of an email with designated attachments from the target account to a target address.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://versprite.com/advisories/airmail-3-for-mac-2/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://versprite.com/advisories/airmail-3-for-mac-2/ | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bloop:airmail_3:3.5.9:*:*:*:*:macos:*:*",
"matchCriteriaId": "877A6161-2DB1-4EDE-A2C3-922354E2FC4D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. The \"send\" command in the airmail:// URL scheme allows an external application to send arbitrary emails from an active account. URL parameters for the \"send\" command with the \"attachment_\" prefix designate attachment parameters. If the value of an attachment parameter corresponds to an accessible file path, the file is attached to the outbound message. In addition, relative file paths are acceptable attachment parameter values. The handler can be invoked using any method that invokes the URL handler such as a hyperlink in an email. The user is not prompted when the handler processes the \"send\" command, thus leading to automatic transmission of an email with designated attachments from the target account to a target address."
},
{
"lang": "es",
"value": "Se ha descubierto un error en la versi\u00f3n 3.3.5.9 de Bloop Airmail para macOS. El comando \"send\" en el esquema URL airmail:// permite que una aplicaci\u00f3n externa env\u00ede correos arbitrarios desde una cuenta activa. Los par\u00e1metros URL para el comando \"send\" con el prefijo \"attachment_\" designan los par\u00e1metros adjuntos. Si el valor de un par\u00e1metro adjunto corresponde con una ruta de archivo accesible, el archivo se adjunta al mensaje saliente. Adem\u00e1s, las rutas de archivos relativas son valores de los par\u00e1metros adjuntos aceptables. El manipulador se puede invocar usando cualquier m\u00e9todo que invoque el manipulador URL como un hiperv\u00ednculo en un correo. No se le pide ninguna confirmaci\u00f3n al usuario cuando el manipulador procesa el comando \"send\", conduciendo al env\u00edo autom\u00e1tico de un correo con adjuntos designados desde la cuenta objetivo a una direcci\u00f3n objetivo."
}
],
"id": "CVE-2018-15668",
"lastModified": "2024-11-21T03:51:14.617",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-08-21T23:29:00.363",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://versprite.com/advisories/airmail-3-for-mac-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://versprite.com/advisories/airmail-3-for-mac-2/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-15669
Vulnerability from fkie_nvd - Published: 2018-08-21 23:29 - Updated: 2024-11-21 03:51
Severity ?
Summary
An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Its primary WebView instance implements "webView:decidePolicyForNavigationAction:request:frame:decisionListener:" such that requests from HTMLIFrameElements are blacklisted. However, other sub-classes of HTMLFrameOwnerElements are not forbidden by the policy. An attacker may abuse HTML plug-in elements within an email to trigger frame navigation requests that bypass this filter.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://versprite.com/advisories/airmail-3-for-mac-3/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://versprite.com/advisories/airmail-3-for-mac-3/ | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bloop:airmail_3:3.5.9:*:*:*:*:macos:*:*",
"matchCriteriaId": "877A6161-2DB1-4EDE-A2C3-922354E2FC4D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Its primary WebView instance implements \"webView:decidePolicyForNavigationAction:request:frame:decisionListener:\" such that requests from HTMLIFrameElements are blacklisted. However, other sub-classes of HTMLFrameOwnerElements are not forbidden by the policy. An attacker may abuse HTML plug-in elements within an email to trigger frame navigation requests that bypass this filter."
},
{
"lang": "es",
"value": "Se ha descubierto un error en la versi\u00f3n 3.3.5.9 de Bloop Airmail para macOS. Su instancia WebView primaria implementa \"webView:decidePolicyForNavigationAction:request:frame:decisionListener:\" de modo que las peticiones desde HTMLIFrameElements se metan en una lista negra. Sin embargo, otras subclases de HTMLFrameOwnerElements no est\u00e1n prohibidas por la pol\u00edtica. Un atacante podr\u00eda explotar los elementos plug-in HTML en un correo para desencadenar peticiones de navegaci\u00f3n de tramas que omitan este filtro."
}
],
"id": "CVE-2018-15669",
"lastModified": "2024-11-21T03:51:14.763",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-08-21T23:29:00.473",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://versprite.com/advisories/airmail-3-for-mac-3/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://versprite.com/advisories/airmail-3-for-mac-3/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2018-15668 (GCVE-0-2018-15668)
Vulnerability from cvelistv5 – Published: 2018-08-21 23:00 – Updated: 2024-08-05 10:01
VLAI?
Summary
An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. The "send" command in the airmail:// URL scheme allows an external application to send arbitrary emails from an active account. URL parameters for the "send" command with the "attachment_" prefix designate attachment parameters. If the value of an attachment parameter corresponds to an accessible file path, the file is attached to the outbound message. In addition, relative file paths are acceptable attachment parameter values. The handler can be invoked using any method that invokes the URL handler such as a hyperlink in an email. The user is not prompted when the handler processes the "send" command, thus leading to automatic transmission of an email with designated attachments from the target account to a target address.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:01:54.271Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://versprite.com/advisories/airmail-3-for-mac-2/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-08-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. The \"send\" command in the airmail:// URL scheme allows an external application to send arbitrary emails from an active account. URL parameters for the \"send\" command with the \"attachment_\" prefix designate attachment parameters. If the value of an attachment parameter corresponds to an accessible file path, the file is attached to the outbound message. In addition, relative file paths are acceptable attachment parameter values. The handler can be invoked using any method that invokes the URL handler such as a hyperlink in an email. The user is not prompted when the handler processes the \"send\" command, thus leading to automatic transmission of an email with designated attachments from the target account to a target address."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-21T23:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://versprite.com/advisories/airmail-3-for-mac-2/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15668",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. The \"send\" command in the airmail:// URL scheme allows an external application to send arbitrary emails from an active account. URL parameters for the \"send\" command with the \"attachment_\" prefix designate attachment parameters. If the value of an attachment parameter corresponds to an accessible file path, the file is attached to the outbound message. In addition, relative file paths are acceptable attachment parameter values. The handler can be invoked using any method that invokes the URL handler such as a hyperlink in an email. The user is not prompted when the handler processes the \"send\" command, thus leading to automatic transmission of an email with designated attachments from the target account to a target address."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://versprite.com/advisories/airmail-3-for-mac-2/",
"refsource": "MISC",
"url": "https://versprite.com/advisories/airmail-3-for-mac-2/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-15668",
"datePublished": "2018-08-21T23:00:00",
"dateReserved": "2018-08-21T00:00:00",
"dateUpdated": "2024-08-05T10:01:54.271Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-15669 (GCVE-0-2018-15669)
Vulnerability from cvelistv5 – Published: 2018-08-21 23:00 – Updated: 2024-08-05 10:01
VLAI?
Summary
An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Its primary WebView instance implements "webView:decidePolicyForNavigationAction:request:frame:decisionListener:" such that requests from HTMLIFrameElements are blacklisted. However, other sub-classes of HTMLFrameOwnerElements are not forbidden by the policy. An attacker may abuse HTML plug-in elements within an email to trigger frame navigation requests that bypass this filter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:01:54.529Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://versprite.com/advisories/airmail-3-for-mac-3/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-08-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Its primary WebView instance implements \"webView:decidePolicyForNavigationAction:request:frame:decisionListener:\" such that requests from HTMLIFrameElements are blacklisted. However, other sub-classes of HTMLFrameOwnerElements are not forbidden by the policy. An attacker may abuse HTML plug-in elements within an email to trigger frame navigation requests that bypass this filter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-21T23:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://versprite.com/advisories/airmail-3-for-mac-3/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15669",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Its primary WebView instance implements \"webView:decidePolicyForNavigationAction:request:frame:decisionListener:\" such that requests from HTMLIFrameElements are blacklisted. However, other sub-classes of HTMLFrameOwnerElements are not forbidden by the policy. An attacker may abuse HTML plug-in elements within an email to trigger frame navigation requests that bypass this filter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://versprite.com/advisories/airmail-3-for-mac-3/",
"refsource": "MISC",
"url": "https://versprite.com/advisories/airmail-3-for-mac-3/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-15669",
"datePublished": "2018-08-21T23:00:00",
"dateReserved": "2018-08-21T00:00:00",
"dateUpdated": "2024-08-05T10:01:54.529Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-15668 (GCVE-0-2018-15668)
Vulnerability from nvd – Published: 2018-08-21 23:00 – Updated: 2024-08-05 10:01
VLAI?
Summary
An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. The "send" command in the airmail:// URL scheme allows an external application to send arbitrary emails from an active account. URL parameters for the "send" command with the "attachment_" prefix designate attachment parameters. If the value of an attachment parameter corresponds to an accessible file path, the file is attached to the outbound message. In addition, relative file paths are acceptable attachment parameter values. The handler can be invoked using any method that invokes the URL handler such as a hyperlink in an email. The user is not prompted when the handler processes the "send" command, thus leading to automatic transmission of an email with designated attachments from the target account to a target address.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:01:54.271Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://versprite.com/advisories/airmail-3-for-mac-2/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-08-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. The \"send\" command in the airmail:// URL scheme allows an external application to send arbitrary emails from an active account. URL parameters for the \"send\" command with the \"attachment_\" prefix designate attachment parameters. If the value of an attachment parameter corresponds to an accessible file path, the file is attached to the outbound message. In addition, relative file paths are acceptable attachment parameter values. The handler can be invoked using any method that invokes the URL handler such as a hyperlink in an email. The user is not prompted when the handler processes the \"send\" command, thus leading to automatic transmission of an email with designated attachments from the target account to a target address."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-21T23:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://versprite.com/advisories/airmail-3-for-mac-2/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15668",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. The \"send\" command in the airmail:// URL scheme allows an external application to send arbitrary emails from an active account. URL parameters for the \"send\" command with the \"attachment_\" prefix designate attachment parameters. If the value of an attachment parameter corresponds to an accessible file path, the file is attached to the outbound message. In addition, relative file paths are acceptable attachment parameter values. The handler can be invoked using any method that invokes the URL handler such as a hyperlink in an email. The user is not prompted when the handler processes the \"send\" command, thus leading to automatic transmission of an email with designated attachments from the target account to a target address."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://versprite.com/advisories/airmail-3-for-mac-2/",
"refsource": "MISC",
"url": "https://versprite.com/advisories/airmail-3-for-mac-2/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-15668",
"datePublished": "2018-08-21T23:00:00",
"dateReserved": "2018-08-21T00:00:00",
"dateUpdated": "2024-08-05T10:01:54.271Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-15669 (GCVE-0-2018-15669)
Vulnerability from nvd – Published: 2018-08-21 23:00 – Updated: 2024-08-05 10:01
VLAI?
Summary
An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Its primary WebView instance implements "webView:decidePolicyForNavigationAction:request:frame:decisionListener:" such that requests from HTMLIFrameElements are blacklisted. However, other sub-classes of HTMLFrameOwnerElements are not forbidden by the policy. An attacker may abuse HTML plug-in elements within an email to trigger frame navigation requests that bypass this filter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:01:54.529Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://versprite.com/advisories/airmail-3-for-mac-3/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-08-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Its primary WebView instance implements \"webView:decidePolicyForNavigationAction:request:frame:decisionListener:\" such that requests from HTMLIFrameElements are blacklisted. However, other sub-classes of HTMLFrameOwnerElements are not forbidden by the policy. An attacker may abuse HTML plug-in elements within an email to trigger frame navigation requests that bypass this filter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-21T23:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://versprite.com/advisories/airmail-3-for-mac-3/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15669",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Its primary WebView instance implements \"webView:decidePolicyForNavigationAction:request:frame:decisionListener:\" such that requests from HTMLIFrameElements are blacklisted. However, other sub-classes of HTMLFrameOwnerElements are not forbidden by the policy. An attacker may abuse HTML plug-in elements within an email to trigger frame navigation requests that bypass this filter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://versprite.com/advisories/airmail-3-for-mac-3/",
"refsource": "MISC",
"url": "https://versprite.com/advisories/airmail-3-for-mac-3/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-15669",
"datePublished": "2018-08-21T23:00:00",
"dateReserved": "2018-08-21T00:00:00",
"dateUpdated": "2024-08-05T10:01:54.529Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}