CVE-2018-15670 — MEDIUM (4.3)

Vulnerability Description

An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Its primary WebView instance implements "webView:decidePolicyForNavigationAction:request:frame:decisionListener:" such that OpenURL is the default URL handler. A navigation request is processed by the default URL handler only if the currentEvent is NX_LMOUSEUP or NX_OMOUSEUP. An attacker may abuse HTML elements with an EventHandler for a chance to validate navigation requests for URLs that are processed during the NX_LMOUSEUP event triggered by clicking an email.

CVSS Score

4.3

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Bloop	Airmail	3.3.5.9
Apple	Macos	-

Related Weaknesses (CWE)

CWE-20

References

https://versprite.com/advisories/airmail-3-for-mac-4/Third Party Advisory
https://versprite.com/advisories/airmail-3-for-mac-4/Third Party Advisory

FAQ

What is CVE-2018-15670?

CVE-2018-15670 is a vulnerability with a CVSS score of 4.3 (MEDIUM). An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Its primary WebView instance implements "webView:decidePolicyForNavigationAction:request:frame:decisionListener:" such that OpenURL is the d...

How severe is CVE-2018-15670?

CVE-2018-15670 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-15670?

Check the references section above for vendor advisories and patch information. Affected products include: Bloop Airmail, Apple Macos.