Mailvelope is a free software for end-to-end encryption of email traffic inside of a web browser that integrates itself into existing webmail applications.
Cure53 conducted a penetration test against Mailvelope (2012 - 2013). The test was not a classic penetration test against a static target, but rather a very early evaluation of Mailvelope's security implementation and its security design aspects.
The bugs listed in this report are based on a test against an alpha version, thus they are mostly absent from currently deployed versions.
The full report and a summary of findings can be found below.
This website deploys cookies for basic functionality and to keep it secure. These cookies are strictly necessary. Optional analysis cookies which provide us with statistical information about the use of the website may also be deployed, but only with your consent. Please review our Privacy & Data Policy for more information.