Mailto: Me Your Secrets. Three attacks on OpenPGP and S/MIME implementations: (PDF file)

The paper describes three attacks on OpenPGP and S/MIME implementations to replace certificates, sign arbitrary messages, or exfiltrate private keys.

I wonder why Thunderbird for Windows and FairEmail for Android isn't listed.

How old is that list? Iirc claws-mail saving unencrypted drafts was patched long time ago.


The list is from the paper, released 5 days ago.

As security researches usually work with affected vendors to fix the vulnerabilities before releasing their findings, the current software should be patched in most cases.

Sign in to participate in the conversation – a Fediverse instance for & by the Chaos community