In most scenarios, the attack only worked if the victim viewed both emails and clicked a specific link in the second one.
The Sonar Research team identified the vulnerability during a routine audit of Proton's open-source repositories. The issue stemmed from how the web application handled user-controlled HTML. While senders need the ability to style messages, failing to properly sanitize certain tags can allow malicious tags to execute in a reader's browser. How the Exploit Worked Proton Exploit
When possible, use native desktop or mobile apps which often have different attack surfaces than web-based versions. If you'd like to refine this draft, tell me if you want to: In most scenarios, the attack only worked if
Proton maintained its commitment to security through its Responsible Vulnerability Disclosure Policy . In most scenarios
Aqua Data Studio / nhilam |
Follow
829
|
In most scenarios, the attack only worked if the victim viewed both emails and clicked a specific link in the second one.
The Sonar Research team identified the vulnerability during a routine audit of Proton's open-source repositories. The issue stemmed from how the web application handled user-controlled HTML. While senders need the ability to style messages, failing to properly sanitize certain tags can allow malicious tags to execute in a reader's browser. How the Exploit Worked
When possible, use native desktop or mobile apps which often have different attack surfaces than web-based versions. If you'd like to refine this draft, tell me if you want to:
Proton maintained its commitment to security through its Responsible Vulnerability Disclosure Policy .
About AquaClusters Privacy Policy Support Version - 19.0.2-4 AquaFold, Inc Copyright © 2007-2017