Avoid clicking unexpected links in emails, even from seemingly secure providers.
The Sonar Research team identified the vulnerability during a routine audit of Proton's open-source repositories. The issue stemmed from how the web application handled user-controlled HTML. While senders need the ability to style messages, failing to properly sanitize certain tags can allow malicious tags to execute in a reader's browser.

How the Exploit Worked
An attacker would need to send two carefully crafted emails to the target.
Proton maintained its commitment to security through its Responsible Vulnerability Disclosure Policy.
The attack required a specific sequence of actions to succeed, which limited its real-world viability:
