Mailvelope is free software for end-to-end encryption of email traffic inside a web browser. It integrates into existing webmail applications.
Cure53 conducted a penetration test against Mailvelope (2012 – 2013). The test was not a classic penetration test against a static target, but rather a very early evaluation of Mailvelope’s security implementation and its security design aspects.
The bugs listed in this report are based on a test against an alpha version, so they are mostly absent from currently deployed versions.
The full report and a summary of findings can be found below.