mailvelope / mailvelope

Browser extension for OpenPGP encryption with Webmail

Mailvelope security issue with OpenPGP.js

alexandre1985 opened this issue

I have found this video about a Mailvelope security issue: https://www.youtube.com/watch?v=NnHOYSRrqS4

In it, an attacker can get the private keys of Mailvelope through a browser exploit, because Mailvelope, when using OpenPGP.js, stores the private key in plaintext, without encrypting the private key.

  • Has this security issue been addressed?
  • Is there a way to fix this security hole when Mailvelope is using OpenPGP.js?

Please check out our FAQ on private key security: https://mailvelope.com/en/faq#private_key_security
If you don't want to store your private key in the browser you can also use your GnuPG keyring with Mailvelope: https://github.com/mailvelope/mailvelope/wiki/Mailvelope-GnuPG-integration

@toberndo Thank you.
I already use GnuPG with Mailvelope.

I was asking this for friends of mine who I want to communicate with, and because in the video a malicious user is able to retrieve the private key. This will define how I suggest the Mailvelope usage and installation.