Vendors affected by Mailsploit (https://mailsploit.com)
 Share
The version of the browser you are using is no longer supported. Please upgrade to a supported browser.Dismiss

Comment only
 
ABCDEFGHIJKLMNOPQRSTUVWXYZAA
1
Mail clients
Is affected by Mailsploit
SpoofingXSS / Code InjectionReport dateHas been fixedNotes
2
Apple Mail.app MACOS IOSYESYESNOJuly 16, 2017FIXED AS OF 29 MAR. 2018
All versions of macOS and iOS are affected. watchOS as well. Regarding the fix: https://twitter.com/pwnsdx/status/1008092924834349057
3
Mozilla Thunderbird / SeaMonkey MACOS WINDOWSYESYESNOAugust 21, 2017FIXED AS OF 22 DEC. 2017
GOOD NEWS! Mozilla fixed the issue in Thunderbird. https://bugzilla.mozilla.org/show_bug.cgi?id=1423432 Original discussion was over email using PGP and resulted in a WON'T FIX. No bugzilla report was made.
4
Mail for Windows 10 WINDOWSYESYESNOSeptember 5, 2017TRIAGED
5
Microsoft Outlook 2016 MACOS WINDOWSYESYESNOSeptember 5, 2017FIXED AS OF 9 JAN. 2018 (MAC)
6
Yahoo! Mail IOSYESYESYESAugust 26, 2017FIXED AS OF 19 OCT. 2017
7
Yahoo! Mail ANDROIDYESYESYESAugust 26, 2017FIXED AS OF 19 OCT. 2017
8
[A bug bounty program that does not allow disclosure yet] ANDROID
YESYESNOAugust 24, 2017TRIAGED
9
[A bug bounty program that does not allow disclosure yet] IOSYESYESYESAugust 24, 2017TRIAGED
10
Spark ≤ 1.4.1.392 MACOSYESYESYES (+ FILE WRITING VIA ATTACHMENTS)September 5, 2017REPORTEDFile writing is limited by macOS sandbox
11
Spark IOSYESYESYESSeptember 5, 2017REPORTED
12
ProtonMail ANDROID IOSYESYESNOAugust 24, 2017FIXED AS OF 1 SEPT. 2017
13
Polymail MACOSYESYESYESSeptember 5, 2017REPORTEDFile writing is NOT limited by macOS sandbox
14
Airmail ≤ 3.3.3 MACOSYESNO
YES (+ FILE READING, FILE WRITING VIA ATTACHMENTS)
September 5, 2017REPORTEDFile writing is limited by macOS sandbox
15
BlueMail ≤ 1.9.2.62 ANDROIDYESYESYESSeptember 5, 2017REPORTED
16
TypeApp ANDROID IOSYESYESYESSeptember 5, 2017REPORTED
17
AquaMail ANDROIDYESYESNOSeptember 5, 2017REPORTED
18
Opera Mail MACOS WINDOWSYES
YES (+ IN THE RAW SOURCE)
NOSeptember 5, 2017WON'T FIX
19
Postbox ≤ 5.0.18 MACOS WINDOWSYESYESNOSeptember 5, 2017REPORTED
20
Newton ANDROID MACOS WINDOWSYESYESYESSeptember 2, 2017FIXED AS OF 13 DEC. 2017
21
Guerrilla Mail ANDROIDYESYESNOSeptember 5, 2017WON'T FIX (NOT NECESSARY)
22
Email Exchange + by MailWise ANDROIDYESNOYES (+ FILE WRITING VIA ATTACHMENTS)September 5, 2017REPORTEDFile writing is limited by Android sandbox
23
AOL Mail ANDROIDYESYESNO BUT FILE WRITING VIA ATTACHMENTSSeptember 5, 2017REPORTEDFile writing is limited by Android sandbox
24
TouchMail WINDOWSYESYESNOSeptember 5, 2017REPORTED
25
Mailbird WINDOWSNONOYESSeptember 5, 2017REPORTED
26
Gmail / Inbox by Gmail ANDROID IOSNONONO
27
eM Client WINDOWSNONONO
28
Claws Mail / Sylpheed WINDOWSNONONO
29
OE Classic WINDOWSNONONO
30
31
Webmail clients
Is affected by Mailsploit
SpoofingXSS / Code InjectionReport dateHas been fixedNotes
32
Hushmail WEBYESYESYESAugust 27, 2017FIXED AS OF 27 AUG. 2017
33
Openmailbox.org WEBYESYES
YES (CAN MODIFY SENDER IN THE DOM AFTERWARDS)
August 27, 2017FIXED AS OF 27 AUG. 2017
34
[A bug bounty program that does not allow disclosure yet] WEBYESYESNOAugust 24, 2017TRIAGED
35
Open Xchange (Mailbox.org, Namecheap Private Email...) WEBYESYESNOSeptember 5, 2017FIXED AS OF 25 SEPT. 2017
36
ProtonMail WEBYESYESNOAugust 24, 2017FIXED AS OF 1 SEPT. 2017
37
Yahoo! Mail (new interface in beta) WEBYESYESNOAugust 26, 2017FIXED
38
Mailfence WEBYES
YES (LIST OF EMAILS ONLY)
YES (VIA EMAIL CONTENT)November 25, 2017FIXED AS OF 27 NOV. 2017
39
Microsoft Outlook Web WEBNONONO
40
Microsoft Exchange 2016 WEBNONONO
41
Microsoft Office 365 WEBNONONO
42
Gmail WEBNONONO
43
Fastmail WEBNONONO
44
GMX / Mail.com / 1&1 WEBNONONO
45
46
Support ticket systems
Is affected by Mailsploit
SpoofingXSS / Code InjectionReport dateHas been fixedNotes
47
Supportsystem WEBYESYESNOSeptember 5, 2017REPORTED
48
osTicket WEBYESYESNOSeptember 5, 2017REPORTED
49
Intercom WEBYESYESNOAugust 31, 2017FIXED AS OF 12 SEPT. 2017
50
51
Candidates found by the community
Is affected by Mailsploit
SpoofingXSS / Code InjectionReport dateHas been fixedNotes
52
Vivaldi WEBYESYESNODecember 5, 2017REPORTED
https://twitter.com/vivaldibrowser/status/938033903314534401
53
K-9 Mail ANDROIDYESYESUNKNOWNDecember 5, 2017REPORTEDhttps://github.com/k9mail/k-9/issues/2962
54
[A bug bounty program that does not allow disclosure yet] WEBYESYESUNKNOWNDecember 5, 2017REPORTED
55
MailMate MACOSYESYESUNKNOWNDecember 5, 2017FIXED AS OF 6 DEC. 2017https://blog.freron.com/2017/mailmate-1-10-released/
56
Modoboa WEBYESYESUNKNOWNDecember 8, 2017FIXED AS OF 8 DEC. 2017
https://github.com/modoboa/modoboa/issues/1323#issue-280443020
57
Edison Mail IOS ANDROIDYESNOYESDecember 13, 2017REPORTED
58
The Bat! WINDOWSYESYESUNKNOWNFIXED AS OF 10 JAN. 2018
59
eM Client WINDOWSNONONO
60
Tutanota WEBNONONO
61
Sylpheed 3.6.0 LINUXNONOUNKNOWN
62
Jolla Mail SAILFISH OS BY JOLLAYESYESUNKNOWNDecember 5, 2017REPORTED
https://together.jolla.com/question/175540/mailsploit-and-jolla-email-client/
63
RainLoop WEBYESYESUNKNOWNDecember 5, 2017REPORTEDhttps://github.com/RainLoop/rainloop-webmail/issues/1591
64
IBM Notes WEBYESYESUNKNOWNAccording to 2 different anonymous sources
65
IBM Verse WEBYESYESUNKNOWNAccording to an anonymous source
66
IBM Verse ANDROID IOSYESYESUNKNOWNAccording to an anonymous source
67
NINE Email & Calendar ANDROIDYESYESUNKNOWNAccording to Greg Foss in the comments
68
Roundcube WEBNONONO
69
Mutt LINUXNONOUNKNOWN
70
KMail LINUXNONONO
71
* Blue = Not confirmed by myself / vendor
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
Loading...