Vendors affected by Mailsploit (https://mailsploit.com)
Comments
 Share
The version of the browser you are using is no longer supported. Please upgrade to a supported browser.Dismiss

 
Comment only
 
 
ABCDEFGHIJKLMNOPQRSTUVWXYZAA
1
Mail clients
Is affected by Mailsploit
SpoofingXSS / Code InjectionReport dateHas been fixedNotes
2
Apple Mail.app MACOS IOSYESYESNOJuly 16, 2017TRIAGED
All versions of macOS and iOS are affected. watchOS as well!
3
Mozilla Thunderbird ≤ 52.5.0 / SeaMonkey ≤ 2.4.8 MACOS WINDOWS
YESYESNOAugust 21, 2017
FIXED AS OF 11 DEC. 2017 (IN TB 58 BETA 2)
GOOD NEWS! Mozilla fixed the issue and will be available soon in Thunderbird. https://bugzilla.mozilla.org/show_bug.cgi?id=1423432 Original discussion was over email using PGP and resulted in a WON'T FIX. No bugzilla report was made.
4
Mail for Windows 10 WINDOWSYESYESNOSeptember 5, 2017TRIAGED
5
Microsoft Outlook 2016 MACOS WINDOWSYESYESNOSeptember 5, 2017TRIAGED
6
Yahoo! Mail IOSYESYESYESAugust 26, 2017FIXED AS OF 19 OCT. 2017
7
Yahoo! Mail ANDROIDYESYESYESAugust 26, 2017FIXED AS OF 19 OCT. 2017
8
[A bug bounty program that does not allow disclosure yet] ANDROID
YESYESNOAugust 24, 2017TRIAGED
9
[A bug bounty program that does not allow disclosure yet] IOSYESYESYESAugust 24, 2017TRIAGED
10
Spark ≤ 1.4.1.392 MACOSYESYESYES (+ FILE WRITING VIA ATTACHMENTS)September 5, 2017REPORTEDFile writing is limited by macOS sandbox
11
Spark IOSYESYESYESSeptember 5, 2017REPORTED
12
ProtonMail ANDROID IOSYESYESNOAugust 24, 2017FIXED AS OF 1 SEPT. 2017
13
Polymail MACOSYESYESYESSeptember 5, 2017REPORTEDFile writing is NOT limited by macOS sandbox
14
Airmail ≤ 3.3.3 MACOSYESNO
YES (+ FILE READING, FILE WRITING VIA ATTACHMENTS)
September 5, 2017REPORTEDFile writing is limited by macOS sandbox
15
BlueMail ≤ 1.9.2.62 ANDROIDYESYESYESSeptember 5, 2017REPORTED
16
TypeApp ANDROID IOSYESYESYESSeptember 5, 2017REPORTED
17
AquaMail ANDROIDYESYESNOSeptember 5, 2017REPORTED
18
Opera Mail MACOS WINDOWSYES
YES (+ IN THE RAW SOURCE)
NOSeptember 5, 2017WON'T FIX
19
Postbox ≤ 5.0.18 MACOS WINDOWSYESYESNOSeptember 5, 2017REPORTED
20
Newton ANDROID MACOS WINDOWSYESYESYESSeptember 2, 2017FIXED AS OF 13 DEC. 2017
21
Guerrilla Mail ANDROIDYESYESNOSeptember 5, 2017WON'T FIX (NOT NECESSARY)
22
Email Exchange + by MailWise ANDROIDYESNOYES (+ FILE WRITING VIA ATTACHMENTS)September 5, 2017REPORTEDFile writing is limited by Android sandbox
23
AOL Mail ANDROIDYESYESNO BUT FILE WRITING VIA ATTACHMENTSSeptember 5, 2017REPORTEDFile writing is limited by Android sandbox
24
TouchMail WINDOWSYESYESNOSeptember 5, 2017REPORTED
25
Mailbird WINDOWSNONOYESSeptember 5, 2017
NO, TICKET CLOSED WITHOUT REPLY
26
Gmail / Inbox by Gmail ANDROID IOSNONONO
27
eM Client WINDOWSNONONO
28
Claws Mail / Sylpheed WINDOWSNONONO
29
OE Classic WINDOWSNONONO
30
31
Webmail clients
Is affected by Mailsploit
SpoofingXSS / Code InjectionReport dateHas been fixedNotes
32
Hushmail WEBYESYESYESAugust 27, 2017FIXED AS OF 27 AUG. 2017
33
Openmailbox.org WEBYESYES
YES (CAN MODIFY SENDER IN THE DOM AFTERWARDS)
August 27, 2017FIXED AS OF 27 AUG. 2017
34
[A bug bounty program that does not allow disclosure yet] WEBYESYESNOAugust 24, 2017TRIAGED
35
Open Xchange (Mailbox.org, Namecheap Private Email...) WEBYESYESNOSeptember 5, 2017FIXED AS OF 25 SEPT. 2017
36
ProtonMail WEBYESYESNOAugust 24, 2017FIXED AS OF 1 SEPT. 2017
37
Yahoo! Mail (new interface in beta) WEBYESYESNOAugust 26, 2017
SOMETHING WRONG HAPPENED, YAHOO WILL FIX
38
Mailfence WEBYES
YES (LIST OF EMAILS ONLY)
YES (VIA EMAIL CONTENT)November 25, 2017TRIAGED
39
Microsoft Outlook Web WEBNONONO
40
Microsoft Exchange 2016 WEBNONONO
41
Microsoft Office 365 WEBNONONO
42
Gmail WEBNONONO
43
Fastmail WEBNONONO
44
GMX / Mail.com / 1&1 WEBNONONO
45
46
Support ticket systems
Is affected by Mailsploit
SpoofingXSS / Code InjectionReport dateHas been fixedNotes
47
Supportsystem WEBYESYESNOSeptember 5, 2017REPORTED
48
osTicket WEBYESYESNOSeptember 5, 2017REPORTED
49
Intercom WEBYESYESNOAugust 31, 2017FIXED AS OF 12 SEPT. 2017
50
51
Candidates found by the community
Is affected by Mailsploit
SpoofingXSS / Code InjectionReport dateHas been fixedNotes
52
Vivaldi WEBYESYESNODecember 5, 2017REPORTED
https://twitter.com/vivaldibrowser/status/938033903314534401
53
K-9 Mail ANDROIDYESYESUNKNOWNDecember 5, 2017REPORTEDhttps://github.com/k9mail/k-9/issues/2962
54
[A bug bounty program that does not allow disclosure yet] WEBYESYESUNKNOWNDecember 5, 2017REPORTED
55
MailMate MACOSYESYESUNKNOWNDecember 5, 2017FIXED AS OF 6 DEC. 2017https://blog.freron.com/2017/mailmate-1-10-released/
56
Modoboa WEBYESYESUNKNOWNDecember 8, 2017FIXED AS OF 8 DEC. 2017
https://github.com/modoboa/modoboa/issues/1323#issue-280443020
57
Edison Mail IOS ANDROIDYESNOYESDecember 13, 2017REPORTED
58
eM Client WINDOWSNONONO
59
Tutanota WEBNONONO
60
Sylpheed 3.6.0 LINUXNONOUNKNOWN
61
Jolla Mail SAILFISH OS BY JOLLAYESYESUNKNOWNDecember 5, 2017REPORTED
https://together.jolla.com/question/175540/mailsploit-and-jolla-email-client/
62
RainLoop WEBYESYESUNKNOWNDecember 5, 2017REPORTEDhttps://github.com/RainLoop/rainloop-webmail/issues/1591
63
IBM Notes WEBYESYESUNKNOWNAccording to 2 different anonymous sources
64
IBM Verse WEBYESYESUNKNOWNAccording to an anonymous source
65
IBM Verse ANDROID IOSYESYESUNKNOWNAccording to an anonymous source
66
NINE Email & Calendar ANDROIDYESYESUNKNOWNAccording to Greg Foss in the comments
67
Roundcube WEBNONONO
68
Mutt LINUXNONOUNKNOWN
69
KMail LINUXNONONO
70
* Blue = Not confirmed by myself / vendor
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
Loading...
 
 
 
Sheet1