Tutanota · Tutanota · CVE-2023-46116
**Name of the Vulnerable Software and Affected Versions**
Tutanota versions prior to 3.118.12
**Description**
The issue concerns the handling of URL schemes in emails. Prior to version 3.118.12, Tutanota correctly blocked the `file:` URL scheme but failed to check other harmful schemes such as `ftp:` and `smb:`. Malicious actors can use links with these schemes to gain code execution on a victim's computer.
**Recommendations**
For versions prior to 3.118.12, update to version 3.118.12 or later to resolve the issue. As a temporary workaround, consider disabling the ability to open links in external applications until the update is applied. Restrict access to harmful URL schemes such as `ftp:` and `smb:` to minimize the risk of exploitation.
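The gap described above comes from a check that names a single blocked scheme. The following added example (not Tutanota's code and not its actual fix) contrasts that kind of deny-list with an allowlist. The function names, the allowed set and the sample links are assumptions constructed for illustration.

```javascript
// Added illustration; not Tutanota's code. All names here are hypothetical.

// Deny-list check of the kind the advisory describes: only file: is rejected,
// so every other scheme the OS has a handler for passes through.
function denyListAllows(href) {
  return !href.trim().toLowerCase().startsWith("file:");
}

// Allowlist: only schemes the client is prepared to hand to the OS.
// The exact set is an assumption for this example.
const ALLOWED_SCHEMES = new Set(["https:", "http:", "mailto:"]);

function allowListAllows(href) {
  let url;
  try {
    // WHATWG URL parsing strips surrounding whitespace and lower-cases the
    // scheme, so "  SMB://host/share" is seen as "smb:" and cannot slip past.
    url = new URL(href);
  } catch {
    return false; // relative or unparseable: nothing to open externally
  }
  return ALLOWED_SCHEMES.has(url.protocol);
}

// Constructed sample links, as they might appear in an email body.
const SAMPLES = [
  "https://example.com/invoice",
  "mailto:alice@example.com",
  "file:///etc/hosts",
  "ftp://files.example.com/a.bin",
  "smb://fileserver.example.com/share/doc",
  "  SMB://fileserver.example.com/share/doc",
  "not a url",
];

// Evaluate both policies side by side for each link.
function compare(samples) {
  return samples.map((href) => ({
    href,
    denyList: denyListAllows(href),
    allowList: allowListAllows(href),
  }));
}

console.table(compare(SAMPLES));
```

In the printed table, the `ftp:` and `smb:` rows pass the deny-list and fail the allowlist, which is the difference the advisory turns on.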