Mailto: Me Your Secrets. Three attacks on OpenPGP and S/MIME implementations:
The paper describes three attacks on OpenPGP and S/MIME implementations to replace certificates, sign arbitrary messages, or exfiltrate private keys.
I wonder why Thunderbird for Windows and FairEmail for Android isn't listed.
How old is that list? Iirc claws-mail saving unencrypted drafts was patched long time ago.
The list is from the paper, released 5 days ago.
As security researches usually work with affected vendors to fix the vulnerabilities before releasing their findings, the current software should be patched in most cases.
chaos.social – a Fediverse instance for & by the Chaos community