8 matches found
CVE-2018-15667
An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. It registers and uses the airmail:// URL scheme. The "send" command in the URL scheme allows an external application to send arbitrary emails from an active account without authentication. The handler has no restriction on who can use it...
CVE-2018-15669
An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Its primary WebView instance implements "webView:decidePolicyForNavigationAction:request:frame:decisionListener:" such that requests from HTMLIFrameElements are blacklisted. However, other sub-classes of HTMLFrameOwnerElements are not...
Design/Logic Flaw
An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Its primary WebView instance implements "webView:decidePolicyForNavigationAction:request:frame:decisionListener:" such that requests from HTMLIFrameElements are blacklisted. However, other sub-classes of HTMLFrameOwnerElements are not...
Design/Logic Flaw
An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Its primary WebView instance implements "webView:decidePolicyForNavigationAction:request:frame:decisionListener:" such that OpenURL is the default URL handler. A navigation request is processed by the default URL handler only if the...
Command injection
An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. It registers and uses the airmail:// URL scheme. The "send" command in the URL scheme allows an external application to send arbitrary emails from an active account without authentication. The handler has no restriction on who can use it...
CVE-2018-15668
An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. The "send" command in the airmail:// URL scheme allows an external application to send arbitrary emails from an active account. URL parameters for the "send" command with the "attachment" prefix designate attachment parameters. If the...
CVE-2018-15670
Bloop Airmail 3.5.9 for macOS is affected. The primary WebView can trigger OpenURL by default during navigation handling, and a navigation request is accepted only when the currentEvent is NX_LMOUSEUP or NX_OMOUSEUP. An attacker could exploit HTML elements with an EventHandler to influence naviga...
CVE-2018-15669
In Bloop Airmail 3.5.9 for macOS, the primary WebView policy function webView:decidePolicyForNavigationAction:request:frame:decisionListener: blacklists only requests from HTMLIFrameElements. Other HTMLFrameOwnerElements subclasses are not restricted, allowing an attacker to abuse HTML plug-in el...