Security researcher Vladimir Metnew discovered 3 XSS vulnerabilities in ProtonMail's iOS app: one in applewebdata: origin via SVG onload, another via javascript: URI anchor tag, and a third in data: origin via embedded base64-encoded HTML. While initially dismissed by ProtonMail as non-critical, the vulnerabilities enabled UXSS execution and potential privacy violations including email tracking and IP disclosure.
A stored XSS vulnerability in Outlook.com iOS browsers was exploited by crafting a PowerPoint file (saved in 97-2003 format) with a javascript: protocol hyperlink, which executes when the document is opened and the link is clicked within the iOS browser. The researcher earned $1,000 USD from Microsoft's bug bounty program.
A stored XSS vulnerability was discovered in Mail.ru's .eml file parsing functionality, where the subject field from uploaded email files was reflected without sanitization, allowing attackers to inject JavaScript that executes when victims open the malicious message. The vulnerability could be weaponized as an XSS worm to steal session cookies and act on behalf of logged-in users.
An article describing the discovery of a zero-day vulnerability in an Electron-based email viewer application, challenging common assumptions about where critical bugs are typically found.