PT-2018-13131 · Bloop · Bloop Airmail 3

Published

2018-08-21

·

Updated

2021-09-08

·

CVE-2018-15670

CVSS v2.0

4.3

Medium

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions: Bloop Airmail 3 version 3.5.9

Description: An issue was discovered in Bloop Airmail 3 for macOS, whose primary WebView instance implements a decision policy for navigation actions. This policy allows OpenURL to act as the default URL handler, but it only processes navigation requests when the current event is a mouse click. An attacker may exploit this by using HTML elements with event handlers so that navigation requests for specific URLs pass the policy check during these events.

Recommendations: For Bloop Airmail 3 version 3.5.9, consider disabling the webView:decidePolicyForNavigationAction:request:frame:decisionListener: function as a temporary workaround until a patch is available. Restrict access to the primary WebView instance to minimize the risk of exploitation. Avoid using HTML elements with event handlers in emails to prevent potential abuse.

Fix

RCE


Weakness Enumeration

Related identifiers

CVE-2018-15670

Affected products

Bloop Airmail 3