32 Nameless Blooming in the Field@No Reposting (OP) 2023/09/08 01:05:37
Code Vulnerabilities Put Proton Mails at Risk
https://www.sonarsource.com/blog/code-vulnerabilities-leak-emails-in-proton-mail/
The Sonar Research team discovered a Cross-Site Scripting vulnerability in the open-source code of Proton Mail. This issue allowed attackers to steal decrypted emails and impersonate their victims, bypassing the end-to-end encryption.
Attackers have to send two emails, both of which have to be viewed by the victim. In some scenarios, the attack would succeed if the victim only viewed the emails. However, most scenarios require the victim to click on a link in the second email.