Thomas Oberndörfer edited this page Dec 15, 2015 · 5 revisions

Security Audits

Fixed vulnerabilities

  • XSS via HTML file download link (fixed in Mailvelope v1.3.2). Detailed analysis
  • Bug in S2K allows decryption of malformed private key backup messages (fixed in Mailvelope v1.2.0). Detailed analysis
  • Integrated documentation page can access privileged API (fixed in Mailvelope v0.11.0). Detailed analysis
  • EME-PKCS1-v1_5 padding bug in OpenPGP.js (fixed in Mailvelope v0.8.0). Detailed analysis and blog post