ProtonBlog
NewsletterSubscribe by RSS

Update about reported XSS issue

Proton Team

Share this page

A couple of days ago, a video was circulated online that claimed Proton Mail is susceptible to a XSS (cross-site scripting) issue which raised some concerns among Proton Mail users. We want to clarify that this does not impact the current version of Proton Mail(new window).

XSS issue

Proton Mail is constantly making security improvements through our beta process and we appreciate all the assistance we have received from the community in helping us make Proton Mail better. The concept of encrypting on the client side is a relatively new one and comes with its own security challenges which we are working diligently to tackle.

The Proton Mail security team has reviewed the video and confirmed that this particular security issue is not present on the live version of Proton Mail. The video is showing an earlier development version of Proton Mail that was originally released on May 10, 2014 for limited testing, and is not used in the current production systems.

We are supportive of all efforts to improve the security of Proton Mail and appreciative of our security contributors. Security inquiries can always be directed to security@proton.me

Protect your privacy with Proton
Create a free account

Share this page

Proton Team

We are scientists, engineers, and specialists from around the world drawn together by a shared vision of protecting freedom and privacy online. Proton was born out of a desire to build an internet that puts people before profits, and we're working to create a world where everyone is in control of their digital lives.

Related articles

Whether it’s personal documents such as your birth certificate or confidential business files like work contracts, we all have sensitive documents we need to store securely. With so many storage options available, it’s important to understand the dif
At Proton Mail, your security is our number one priority. Normally, this means protecting your inbox from unauthorized outside access. However, rather than trying to hack your software, phishing emails try to hack you. By spoofing emails from trusted
Learn all about email clients and why you might use one instead of webmail. If you’ve used an app like Gmail on your mobile phone or Outlook on your computer, you’ve used an email client. We explain how an email client works and the pros and cons of
No email service is completely anonymous. Learn how to send an email as anonymously as possible using private email, aliases, and a VPN or Tor. Do you need to send an email without revealing who you are? Unfortunately, you can’t just sign up for a f
Today, we’re introducing Proton Family, our all-in-one plan to protect your family’s privacy.  When you’re a parent, you do everything you can to prepare for the unexpected and keep your family safe. But extending this protection online is difficult
Starting last year, Google began to increase the number of ads displayed in Gmail. It started with more ads in the Promotions tab on mobile. And now it has grown to include advertising messages between regular emails on Gmail’s desktop site. Gmail u