Sonar Research

Stolen with Style: Dive into our technical writeup of a complex Cross-Site Scripting vulnerability we discovered in Proton Mail!

Be ready for a story about parser differentials, sandbox bypasses, and CSS data exfiltration:

https://www.sonarsource.com/blog/code-vulnerabilities-leak-emails-in-proton-mail/?utm_source=mastodon&utm_medium=social&utm_campaign=protonmail&utm_content=security&utm_term=mofu

#security #appsec #cleancode

Code Vulnerabilities Put Proton Mails at Risk

The Sonar Research team discovered critical code vulnerabilities in Proton Mail, Skiff and Tutanota. This post covers the technical details of the XSS vulnerability in Proton Mail.

Sep 5, 2023 at 5:12pmWeb