Skip to content
This repository has been archived by the owner on Sep 5, 2020. It is now read-only.

Ethereum Wallet and Mist Beta 0.8.7
Compare
Choose a tag to compare
@evertonfraga evertonfraga released this 27 Oct 00:29
· 1130 commits to master since this release
v0.8.7
7eb2d2f

This is a security fix.

Mist users are highly recommended to update in order to keep account integrity when browsing through untrusted Dapps. Ethereum Wallet is not affected. See below.

Some Mist API methods were exposed, making it possible that malicious webpages get access to a privileged interface that could delete files on the local filesystem or launch registered protocol handlers and obtain sensitive information, such as the user directory or the user's coinbase.

Previously vulnerable exposed Mist APIs:

  • mist.shell
  • mist.dirname
  • mist.syncMinimongo
  • web3.eth.coinbase is now null, if the account is not allowed for the dapp

Upgrade to this version of the Mist Browser. Do not use any previous Mist version to navigate to any untrusted webpage, or local webpages from unknown origins. Ethereum Wallet is not affected as it doesn't allow navigation to external pages.

This is a good reminder that currently Mist is considered only for Ethereum App Development and should not be used for end users to navigate on the open web until it is reached at least version 1.0. An external audit of Mist is scheduled.

We'd like to thank the vulnerability discoverer Tintinweb for his responsible disclosure and remind everyone that we have a bounty program at bounty@ethereum.org

Checksums (SHA-256)

Mist

f464b15ea1179efff96d81c568b5991cf09c6b846244933bf25886d95e9ce2d8  Mist-linux32-0-8-7.deb
db071cd9bc4f1e13e2acd0b92ba86cb31cd5a456c55d8cd946afeee9c70d044f  Mist-linux32-0-8-7.zip
075dae83299157b309af208c1a233f851e8c633b798c29c5551dc26977d49304  Mist-linux64-0-8-7.deb
141826867630c308e8b809822cccb10858c87b48fbbf88d7e21dd6673d621374  Mist-linux64-0-8-7.zip
d8f5a442292b7a5faf4423a765fd34d4f08913ed59950c12c0c0f4447f64c278  Mist-macosx-0-8-7.dmg
ee4ef1de9c5fc136b76164a8c78c44ba435246c0e795ada412fb75cc4bf87337  Mist-win32-0-8-7.exe
a27e4f83d609b5d5a5935b005de2a25b4ed6f4b2e8a33aa1622d5413660e50c5  Mist-win64-0-8-7.exe

Wallet

4b61a4a1f4488a72848322d444e374d69ea190519c6e96ee002699d578a3bb5b  Ethereum-Wallet-linux32-0-8-7.deb
13ce1bc6a6702596d73811d63a0df0c9835a774571e21e17e5b71ebb65bee633  Ethereum-Wallet-linux32-0-8-7.zip
1800f51e570353c082f0004cdb349109ff9d1b69d64232bf7d384b244c163837  Ethereum-Wallet-linux64-0-8-7.deb
f65a1161fb5ee0e9bf208c72c778aa907eff33eade66f87eeb27d6deee36f4ef  Ethereum-Wallet-linux64-0-8-7.zip
f9c89ba595ba6db9b976e1747c5355f01608dc09a44409fc1cd2c76b0660852c  Ethereum-Wallet-macosx-0-8-7.dmg
0ded87f21a7cedf39dd205c079c0a545e8dc1961d6303aa17eca44b01dedfc52  Ethereum-Wallet-win32-0-8-7.exe
5cd5ff833743aa031212bc95fd87db1fb54ea703e30adbdb24f11d3218ff4462  Ethereum-Wallet-win64-0-8-7.exe
Assets 16
Loading