CVE-2018-15670
Bloop Airmail 3.5.9 for macOS is affected. The primary WebView can trigger OpenURL by default during navigation handling, and a navigation request is accepted only when the currentEvent is NX_LMOUSEUP or NX_OMOUSEUP. An attacker could exploit HTML elements with an EventHandler to influence naviga...