Latest release

Ethereum Wallet and Mist Beta 0.10.0

@evertonfraga evertonfraga released this Mar 21, 2018 · 294 commits to master since this release

It is with joy that we present the 0.10.0 version of Ethereum Wallet and Mist Browser beta. This release brings some fundamental changes that will help shape the following versions of the project, along with some long-awaited improvements.

Light client as default sync mode

Along with the Geth 1.8 series, the Light Client sync mode got significant improvements and is fully usable again. It features a blazingly fast zero-to-latest-block speed, with little impact on storage requirements.

After lots of testing, we have promoted the Light Client sync mode as default on Mist and Ethereum Wallet for new users.

You can toggle the sync mode on Develop > Sync with Light Client.

The Light Client sync mode was devised to request information on-demand from "Light Servers", thus removing the need of having the entire blockchain on a device. Those “Light Servers” also work in a secure and decentralized manner, meaning anyone could set up and run their own, conveying benefits to the whole network health. Please consider running a Light Server :)

Syncing and overall experience

We've spent quite some time simplifying the startup process. You can expect a smoother process as we’ve fixed some small bugs and annoyances.

  • Light Client syncing mode as the default setting
  • Introduces a core state module leveraging Redux
  • Updates to latest Geth version
  • Removes an outdated onboarding process
  • Adds "retry connection" to wallet splash screen
  • Swarm will start asynchronously, plus the ability to toggle the service

We are aware how much the syncing process takes away from the experience and while these improvements certainly help, we know there’s a lot more we can do. We are working on a “layered node” architecture in an upcoming release, which will allow us to remove the syncing screen altogether. This feature will allow you to connect directly to a remote node and use Mist/Ethereum Wallet immediately. Meanwhile, your local geth node will continue to sync in the background and will receive web3 calls once it is fully synced. Read more on layered nodes here.

Bugfixes and behind-the-curtain improvements

  • Splash logic refactor, pt. 1
  • Minor fix on getTransactionReceipt override
  • Fix for
  • Unable to create contract
  • Updating OS-timesync package

Electron security updates

We’ve updated to Electron’s latest stable release, with security fixes. More info on their release notes: 1.8.4, 1.8.3.

Mist Browser is still beta and we recommend you not to visit untrusted websites for the time being. Ethereum Wallet, though, is OK to use

Note about Linux .deb

Although we still maintain .zip files for Linux distros, we are reassessing the support to .deb packages, due to some unexpected behaviors. We’re studying the possibility to replace it by AppImage, a self-contained app bundling system that works with many Linux distros. It’s been widely used by modern apps today. Please head to this thread for more details.


Although we’re making great efforts to tackle bugs, enhancements and user requests, the Mist repository gets a lot of support questions. We’re very grateful for the folks who have signed up to receive and triage issues using CodeTriage. This app sends a configurable amount of notifications per day (from 1 to 20) containing issues in need of a response. If you’re interested, this is a great way to help out our team and to learn more about the project.


As always, you’ll find the checksum table below. Learn how to verify a file checksum.

File Checksum (SHA256)
Ethereum-Wallet-installer-0-10-0.exe eba69844bc1d8e2ba5253f016c7e65815ce66e892b85fb3d6533babcd38c7376 f8fbd1bd24e6e6532ce664caa987f49768817439967c2d63301f694718b03789 8f32a1e3836d915256fa5e8b6150528603941a26eac6e5bdb2468a2581c386ea
Ethereum-Wallet-macosx-0-10-0.dmg 0e2f2ae23a4e5f36f82ae2de14a885724ac67bcb9157ce9b1636e30d3f101394 b0d1a7bac50a9c14fe2c3a45e1a59051aaa8de6869b1eef0b24983064b46d864 e270f9413ff0be769de919fbe935e2f81dce8924d2a82e0ade71c717e8e00bf6
Mist-installer-0-10-0.exe 5d78178d06c07a6fd2c0ba619d65d08f03f41b74247a016ef30a9d9b512eaa2c 930aa994b45d7b29f12254cad04e966e5e95f543c137a937bf42149e2aed1b06 f127e5cf6aa87d26c66c3e4d338a50d37670158fba496b44731dbae68e3c6106
Mist-macosx-0-10-0.dmg 7850ca771eb68b9ad6c3413ce21d4bf04beeb481bbb859cda482185ec8855471 e895414cf5779fed1df750a77640f32b60525b33025ff07c567ff299c57949b6 a138769c59f79bb9d1ef4cdc6492ae9f07a5b594a073dce734aa61c1bb8a5bc8

Ethereum Wallet and Mist 0.9.3 "Cliente Ligero"

@evertonfraga evertonfraga released this Nov 23, 2017 · 513 commits to master since this release

This release brings more stability to the Geth Light Client integration and some general improvements.

Mist now injects contractAddress on web3.eth.getTransactionReceipt() responses when the node does not return it. Which means, when using the Ethereum Wallet with Light Client enabled, it would properly show newly-created wallet contracts. See #3265.

⚠️ Do not visit untrusted DApps or websites with Mist browser in order to reduce risks!


PR Description
#3265 getTransactionReceipt return injection
#2955 Node info on remote nodes fix
#3158 Travis CI best practices
#3291 Auto-generating SHA256 checksums
#3184 Catalan translation
#3263 Updated ABI signatures dictionary
#3288 Prevents lokiDB file inflation
#3274 Updates Solidity compiler to v0.4.18


File Checksum (SHA256)
Ethereum-Wallet-installer-0-9-3.exe 63fe38637e03a8f7f48ac6c6985b43bd4cb6759b793b5efbe3f92586d1db031a ba2d01f9b351893564e96eb33cac066f74d8839da6be09fbd3fd126418f693a5 1573ab85ae93d0a162b88e03abb3f4f173f7b3b744d3929e0d4d8303a2703581
Ethereum-Wallet-linux32-0-9-3.deb 0908492c040201e5fd6cb0666eba329c35c01ab6b7080b343ef4636b7a7ed9f7 72425a83378539c9b774c761b8dda10af04f6cbb6f5f37f6a4fa944e4159dfc7
Ethereum-Wallet-linux64-0-9-3.deb 946b4b7dec1b6f2b58b6ef21d06a12dcee691fa2186baad7d99872f94240ced8 bacff5b9ca62b43d38234059ec73f75ef076f97da1e96a8d4f5dbc3b3f17ad69
Ethereum-Wallet-macosx-0-9-3.dmg c90fb7aad36b3a8357cac9472776b0e92363b2b8c684b8ea36d160a68cbe829f
Mist-installer-0-9-3.exe 26907f8051fa77880322ab37b128d2243aeb0dec1a020603bdaf4477779674c1 6011eefac97e94519417dc6098f3fb61e31ba5db42bc809cbb2cc1f84a810cbe e9a399bec34c05c63bffef8f119896a02b0dad49776c381a8832b4c54fbba6e6
Mist-linux32-0-9-3.deb 1c7928dcd8b26126d0f6ab5aae7251da85b9adcdfa1b0b36ffb36f87c64977d8 a3fd569d6916e819b3c21b65daddef2f3840d6edba2602c0125f6701f5f8833e
Mist-linux64-0-9-3.deb 01e3df03dce3132f7521118e553468e0fad83f637233f1ff28cdaa7e5dffc245 62f4ea2207e7d0f661683b72acdb46d3ff36958b779e023411988d929b98d77a
Mist-macosx-0-9-3.dmg 36c96d79f9b1bff15c0b152754a9d85a19eaf9ecc39d739455b1801a99baeee7

Ethereum Wallet and Mist 0.9.2

@evertonfraga evertonfraga released this Oct 13, 2017 · 549 commits to master since this release

This release contains a security fix. Updating Mist is highly recommended. If you want to keep using an older Mist version, you mustn't visit untrusted websites.

Refer to Electron 1.7.9 release notes for more info.

Ethereum Wallet users are not affected by the vulnerability.

Thanks to Juno and Hithereum Team for reporting. Any contributions to our Ethereum Bounty Program are much appreciated.


PR description
#3149 Updates electron to 1.7.9
#3127 Fixes light client connection issue
#3146 Clock sync popup warning fix for macOS High Sierra users

Light Client integration (from v0.9.1 onwards)

The long-awaited Light Client integration has come, in its own beta version.

Syncing time decreased by an order of magnitude, compared to running a full node. Same as for storage requirements.

As Geth 1.7.x uses LES protocol v1, you'll notice log retrieval takes more time than usual. The good news is v2 is coming to ease that. We'll keep you posted.

In order to enable it, head to Develop > Use Light Client menu.

You can join us for further discussion at the Gitter channel.


File SHA256
Ethereum-Wallet-installer-0-9-2.exe 781db31cdd90644f5e807b8c12564afe669192112245c9a011209662f4ae9df9
Ethereum-Wallet-linux32-0-9-2.deb 09e5b4cdc73a3b51d14b0c2a8b3bbe7e31cefbc762aba7f95bf451e8faab2242 82a3a83cec1cae9dc07b360490c21f41544c81ebcdf09795445f27569cdc2d5d
Ethereum-Wallet-linux64-0-9-2.deb 4cd4cd7b7acfc4e72ffece7c63e685a87cd13de68957f98e1d20e262449d4c1e 0c105861e1f9b29d2c8bd6afe1de8e3aa9a49ae3a85dd59a9c57f5fd91f93541
Ethereum-Wallet-macosx-0-9-2.dmg 6d87f99ad8e53e5a1cbcaab19552ee042b17d1e297a3b025b1edf630b0a0b100 4a13df34b4bb8f16c3d168d8e4b44c1e8aede1906e16486844e81c4f8858e073 d07ac5cce5921317d0837b8f426cc6b542613955e7e54887a3c220611a9ee9c2
Mist-installer-0-9-2.exe 18e4ec769cbd3bc848a886b190772fffc1c77954ef6464deadc0a1883397b8ce
Mist-linux32-0-9-2.deb bde4de47acbe4bda74e68b2b6925726ac9fba2bc4cde2559603df7c25d23425c 62e0e19d5a7e2e6b20bf06dd8baf091c845c0080fef29830bd79532d8379bb09
Mist-linux64-0-9-2.deb 087f44b06b82bfe97fac85466ada458796d21316a5d6c2ebe5543110a5ea9037 fadf526072eaec476cf1e53a82ee274fb4af8831f258ecfc0e471a4d3c22d7d8
Mist-macosx-0-9-2.dmg 2480301ee8c94e791131b05f560523fc1aac24a8e65756173851a1dcf0abc8d3 1231b24094f3d3f0bcf1ffabc80d16e445353f98a06726d9029ba8532c8dd7e4 0868d7c784f7d9729cd39205c420050f954e997ee80f0ea09cbaf02f92609427

Learn how to verify a file integrity.

Ethereum Wallet and Mist 0.9.1

@evertonfraga evertonfraga released this Sep 27, 2017 · 566 commits to master since this release

This release contains a security fix. Updating Mist is highly recommended. If you want to keep using an older Mist version, you mustn't visit untrusted websites.

Refer to Electron 1.7.8 release notes for more info.

Ethereum Wallet users are not affected by the vulnerability.

Thanks to Yoonho Kim for reporting via the Ethereum bug bounty program.

Introducing Light Client integration (beta)

The long-awaited Light Client integration has come, in its own beta version.

Syncing time decreased by an order of magnitude, compared to running a full node.

As Geth 1.7.x uses LES protocol v1, you'll notice log retrieval takes more time than usual. The good news is v2 is coming to ease that. We'll keep you posted.

In order to enable it, head to Develop > Use Light Client menu.

You can join us for further discussion at the Gitter channel.


File Checksum (SHA256)
Ethereum-Wallet-installer-0-9-1.exe 3eaac548554e34b5f4efb2e91f63d595af3898c69d1b7922a5b8fb494a8810bb
Ethereum-Wallet-linux32-0-9-1.deb 4abf8bccd6dfa02f67447acb4aca16d1a110a83d9f513246beb52eeca3c7ae4b 7685aae8bb94f54c24a3ca60a9405d773f36251b1714d0e9076071ebd1fe3131
Ethereum-Wallet-linux64-0-9-1.deb 1b9d636cb0d64028086bd949a9e60df1aacb8a1890a6db5f16b26c5e6eb816c4 adaf06a3b967ceadf4746404f94ae35037e27688b0ba5094f111d359bece7bc4
Ethereum-Wallet-macosx-0-9-1.dmg 53023d0b3d2724ca2656b5a21c6c0516534906cfe62c69d3bef4439e59ca3040 bcfdbae74d27480909fe750c01152cb29efc775106195b9f5b3f8b9420e95cc8 705bdf8945fd012aa3ad373508d5964df296acac2a6b14c8d764ceab5ba96880
Mist-installer-0-9-1.exe 4168ebf823be478c0becc52a0a29040990a92e39da4b6463ae58a69c1eacbca4
Mist-linux32-0-9-1.deb ea118e05ab114494a680c80ee108616b9c938c96907d66dd2c2869d58f62f992 13f28936a885b657d9a5ef83548647519cd7f6919fff3f399b84e85f196edc8e
Mist-linux64-0-9-1.deb 9aba8ff24c34b5ac88505c89a9dcbad03dad513ee66efd6b10fc00e42839c873 d79f5ea504b2561579594cae207e14165b81423a727063d62af66ad4a04e10d1
Mist-macosx-0-9-1.dmg 0c8a03232fbb8493e8b146812d0d553e49b8054bd7a7801b1e5046b901ab5e29 39dbc89419315f6d6b84f61dcca83b0ac2b44f1c9f5d06dbd786031f9f4e419a 4dedfd17d40878eda5ce759dc96d6df6d332f82b36c1050959bc106fcaf3f16a

Ethereum Wallet and Mist 0.9.0 "It's happening"

@evertonfraga evertonfraga released this Jul 24, 2017 · 597 commits to master since this release

This release adds some anticipated features and also addresses important security improvements.

IMPORTANT FOR DAPP DEVELOPERS! Read the notes below about changes in Mist's web3 object!

Mist Browser

Swarm supportbeta

It is now possible to navigate through the Swarm decentralized network with the bzz:// protocol. Every request lands on the Swarm node, which will search for the content through the p2p network and display your website/file of choice.

Basically, it means that if you point your ENS domain to a swarm hash, the swarm content can be accessed on Mist via bzz://mydomain.eth. How cool is that? New web, much wow 😎

Also, in order to upload files and folders on Mist is as easy as File > Upload to Swarm....

Keep in mind that in order to use ENS domains, your chain has to be synced, as it looks up to ENS resolver contracts.

For more information about the project, head to bzz://theswarm.eth — after updating Mist, of course.
Kudos to @zelig and Swarm team.

Security hardening

Increased security by leveraging the use of a fully isolated JavaScript context between Mist and the Dapps. See #2087.


From this version on Mist will not ship its own web3.js instance anymore. We only provide for now web3.currentProvider so you can connect to ethereum. In the future, we will provide a special ethereum object with a default provider.

Also this web3.currentProvider will not allow sync calls anymore, as it is already the case in MetaMask (and it's bad practice in general). So make sure to use the async ones e.g. web3.eth.accounts -> web3.eth.getAccounts(function(){...})

To instantiate your (self-included) web3.js lib you can use:

if(typeof web3 !== 'undefined')
    var web3 = new Web3(web3.currentProvider);
    web3 = new Web3(new Web3.providers.HttpProvider("http://localhost:8545"));

Easier test networks

In addition to Ropsten, you can now switch to the Rinkeby test network from the Develop menu. Rinkeby is also set as the default testnet, as it is much lighter to sync. See #2723.

And if you want to create your own solo network for testing purposes (or in a workshop where you have a very poor internet connection) you can also do it directly via the Develop menu: it will create a local network just for your computer in which you can test, mine and publish local contracts. It will use the --dev flag on your Geth node. From the Mist UI console (developer tools), you can use and control the web3 object.
See (command line options)[]. #2723.

An in-depth view of the Mist 0.9.0 changelog:

Ethereum Wallet

ENS support for addresses

You can write an ENS address on any address field on the Wallet, and the actual address represented by that name will appear when you click outside of the field.

It will even double check the name and can redirect to preferred names, so if you type "ethereum" it will see that it points to the address of the Ethereum Foundation tip-jar, which calls itself "ethereumfoundation".

Accounts also do reverse name lookup: if any of your accounts, wallets or contracts have registered a reverse name lookup, then they will be shown the ENS name in your app.

The meteor package containing this special input type is publicly available at Meteor Package Elements, made by @alexvandesande, so you can use it on your Dapp today.

ENS support for tokens

Now it's easier than ever to watch Tokens and see your balances. By clicking on Contracts > Watch Token, the modal will appear and you can type the Token symbol. Instantly all the available details will appear and you just have to confirm.

This was only possible after @kvhnuke created the big list o' tokens, and @Arachnid created thetoken.eth service 👏

Refer to the Wallet 0.9.0 changelog for a more in-depth view of the changes.


File Checksum (SHA256)
Mist-linux32-0-9-0.deb 5ad1aa5723c7ecf63bcb3066df354b40232082c9768b62f600d48bd11e3639d5 a4824c185e1353eebe727515d69ef34a79e953b8c925b355b33849e5b81caddc
Mist-linux64-0-9-0.deb 8af076ed1b601651a5a767d39443585c5a5c2b3d8c9adb457aec3c3ad9f640a0 3a224728cf1fb1bc4769f9b325e36b838866033524764251857e35c2f54c4c65
Mist-installer-0-9-0.exe 967472f755af6b32254e8e3fc67d7001c193b8c3dd58200f7b2e5be016e16307 67d154265e78331b609d992033c199b71f3aa2349e30dcbcca5f4a1777ab2b1e 01a3647f78e31e0bb32e7a55e4bbc3f9cf0611bd7024c7e2c86d99445b07ea13
Mist-macosx-0-9-0.dmg daf781fb64312400c3c85a1899f989a42a568d1b527c318b78d83084d31c4664
Ethereum-Wallet-linux32-0-9-0.deb 417b447732fcdf144e9b0a822231914584dfa12ef685a748f377d256cba89522 9754a5aadd8fbb8f1122ccb247ac3882dc2029ae40f47518c531d3bc5ab1ccab
Ethereum-Wallet-linux64-0-9-0.deb e6d1c60b03aa91e43d4133d293db8b06f9c294115a6ca813dbb8cc76fb2dd637 61bbbd98db7dbf06c8345b37a86298d8b77c22873b6dcdb2fcc3c675dc2b276a
Ethereum-Wallet-installer-0-9-0.exe 14dac9f49890f8c7ca7adf57fdabea03206c1ccb901c046b9194399dbf04a728 00216315534a392bc3d8d64cc9c4409f8dd30e2a01f38563d7d1c564c000c74e 40a83396da0bf7f65cf6a5c7e9d4baa8b18aba06d2741608e839bde22bc42a63
Ethereum-Wallet-macosx-0-9-0.dmg 4077b08122b5d3480191a1c9d52b09934202cc5af755f172b276581b2729c8b2
File Checksum (md5)
Mist-linux32-0-9-0.deb 0516b92c89362c21684368ecfcd363ee 011011f738872f18deb777a5dc5b1c11
Mist-linux64-0-9-0.deb 8be319b1434d7413a53c1e06536efaa7 0aadafc1ea3e4b9733391cff31ee2df3
Mist-installer-0-9-0.exe 51b2f490095d088f6399b1dcfab97271 ce33256df20247d6fe10d1142ffbf83f 7fd74227835e827cc43deaceb51f6d49
Mist-macosx-0-9-0.dmg 417eb91b23dbb23d208709adeae8f15b
Ethereum-Wallet-linux32-0-9-0.deb 7616e26811d2ed78ef40783cd116497d c1b9099fbffd4a459adb6beb36a6ac26
Ethereum-Wallet-linux64-0-9-0.deb 341d005af32a0848a261d4c632744017 17ab26c80a364642683d81ca281bd2cb
Ethereum-Wallet-installer-0-9-0.exe a88f1235a7a3eb070e170b190a31f486 cac95833f0394d656e61174d74184739 c89af8a919a1581b1cefbd1d8c48c65d
Ethereum-Wallet-macosx-0-9-0.dmg f19165e94dc1facba3289f43abcda58b

2017-08-20 edit: fixed Mist-0-9-0.dmg and Ethereum-Wallet-0-9-0.exe SHA256 checksums.

Ethereum Wallet and Mist v0.8.10

@evertonfraga evertonfraga released this May 23, 2017 · 645 commits to master since this release

screen shot 2017-05-09 at 11 03 08

Deprecation notice

As Mist 0.9.0 release is approaching, we'd like to inform that in the near future, from 0.9.0 onwards it won't inject web3 object by default on Dapps. This is a measure to keep Dapps stable on the long run as ethereum ecosystem evolves. We'll provide a developer preview version, so Dapp developers will have time to update their Dapps accordingly.

The web3.currentProvider object will still remain for a period of time for backwards compatibility and a new provider object will be introduced.


  • This version features a whole new and sidebar, giving people more room to browse, while presenting the Dapps in a beautifully, more prominent way.

  • Fixes a bug that made tabs disappear for some users.

  • Reinforced the need of backing up keystores.

  • Improved password strength validation when creating accounts. From now on, the passwords should have at least 8 characters.

  • Fixed wallet importing issue.

⚠️ As Mist is still under a security audit, please don't visit untrusted DApps with your Mist browser in order to reduce risks.

See the full changelog:

PR Description
#1753 i18n: partial update to German translation
#1783 i18n: add missing meteor package 'numeral:languages'
#1784 readme: update dependencies paragraph
#2067 Importer: Improve console messages
#2126 yarn: update node-modules
#2129 spectron: increase timeout for "file" protocol should be disallowed on browser bar
#1642 gulp: Refactor and Ethereum-Wallet NSIS installer
#2137 gulp: makensis: remove debug loglevel
#1751 ESLint: fix simple rule violations in 'interface'
#1752 ESLint: exclude auto-generated 'signatures.js'
#2094 Remove .mention-bot
#534 Solidity compiler version missing
#714 Error/infinite import of wallet-file
#1050 Show hint on node related menu labels if external node is used
#1489 Wallet tab losing attributes
#1640 Sidebar revamp
#1641 Persisting main window bounds
#1647 Sync was being skipped
#1665 Updates confirmation window size issue
#1680 Last days of dechunker
#1682 Language setting not persistent
#1736 Switch to camelCase for var 'lang_code'
#1737 Perm-tests: add 'bzz' to 'should only contain allowed attributes' test
#1738 Add ES6 support to the meteor interface
#1749 Enable translations on splash screen
#1750 Fix sync stops at 2% on Windows 32-bit
#1775 Show backup hint when createing accounts, demanding min 8 characters
#2140 Removing old code. Fixes small bug
#2146 Update geth 1.6.0
#2124 Fix bug preventing to pass multiple flags to the node

Checksums SHA-256









Ethereum Wallet and Mist 0.8.9 - "The Wizard"

@evertonfraga evertonfraga released this Feb 4, 2017 · 737 commits to master since this release

Mist Wizard Installer

- **Full fledged Windows Installers**: This version includes the new installer for Windows created by @tgerring, which lets you choose the directory to install Mist in, as well as the `data-dir` of the ethereum node. It's one installer for both 32 and 64-bit computers.

Note that the data-dir is set as a parameter in Mist shortcut properties, at the installation stage; not in Mist's preferences.

  • App Signing: Mist for Mac OS X is now signed by the Ethereum Foundation.
  • Solidity Compiler: Now featuring version 0.4.8.

Remix IDE

- **Remix IDE option on menu** 0.8.9 also has a new menu entry to open Remix IDE, so now you have plenty of room to write your contracts without leaving Mist. Head to `Develop > Open Remix IDE`.


- **A test suite is born:** It was about time for Mist to have a solid set of integration tests. Now we're starting to kill this debt with a [Spectron]( test suite, that uses the amazing to interact with the `webview` instances. - **Fixes offline startup edge case** #1571.

See the full changelog at Milestone 0.8.9.

Checksums (SHA256)







Ethereum Wallet and Mist 0.8.8 - "smashing vulnerabilities"

@frozeman frozeman released this Dec 16, 2016 · 738 commits to master since this release

For this release Mist undergone an Audit by Cure53, which was a very needed endeavour and we are thankful for the great expertise of the Cure53 team.


This audit led to a lot of useful findings that strengthen the security of the Mist browser when interacting with external DApps.

Though we also found certain vulnerabilities in electron, which is what Mist (and others like: Brave, Slack and Gitter) uses that we can't fix fully at the current point in time, without changes on the electron side, which we communicated to them. Luckily their team is very responsive and right on track to fix those as i write.

_For now don't visit untrusted DApps with your Mist browser to reduce risk!!_

We will hopefully in the next release be able to secure the electron vulnerabilities and provide a safe browser experience.

Some of the security issues allowed:

  • Execution of simple code in the Mist interface context
  • Popping up spoofed alert windows
  • Changing the interface by dragging files into it
  • Directing to file paths (which is disabled for now, on some occasions)
  • File path attacks using HTTP redirects
  • UI breaks

We also fixed all issues on the Mist side that allowed to break the interface. We added a new 400 error page for disallowed URLs. We also improved the security of scripts running inside the DApps context and improved overall webview security. We might publish the full list of vulnerabilities at a later point in time.

Big thanks goes to @cure53 and their great team for disassembling Mist and especially its integration of third party content. We will very likely have follow up audits of more aspects of the Mist browser.

Bug fixes

This release has major stability improvements on the node connection between tabs and the stability of the sockets, which were freezing Mist at times.

The wallet was also updated and should now have the problem with the confirmation windows solved.

Additionally we fixed the following issues:

  • prompts users when there are geth updates and allows them to opt-in to update it
  • fixed flickering of icons
  • fixed directing of URLs into the browser tab
  • fixed removal of wallet tab title

Full change log:

Checksums (SHA-256)





Ethereum Wallet




Ethereum Wallet and Mist Beta 0.8.7

@evertonfraga evertonfraga released this Oct 27, 2016 · 832 commits to master since this release

This is a security fix.

Mist users are highly recommended to update in order to keep account integrity when browsing through untrusted Dapps. Ethereum Wallet is not affected. See below.

Some Mist API methods were exposed, making it possible that malicious webpages get access to a privileged interface that could delete files on the local filesystem or launch registered protocol handlers and obtain sensitive information, such as the user directory or the user's coinbase.

Previously vulnerable exposed Mist APIs:

  • mist.dirname
  • mist.syncMinimongo
  • web3.eth.coinbase is now null, if the account is not allowed for the dapp

Upgrade to this version of the Mist Browser. Do not use any previous Mist version to navigate to any untrusted webpage, or local webpages from unknown origins. Ethereum Wallet is not affected as it doesn't allow navigation to external pages.

This is a good reminder that currently Mist is considered only for Ethereum App Development and should not be used for end users to navigate on the open web until it is reached at least version 1.0. An external audit of Mist is scheduled.

We'd like to thank the vulnerability discoverer Tintinweb for his responsible disclosure and remind everyone that we have a bounty program at

Checksums (SHA-256)


f464b15ea1179efff96d81c568b5991cf09c6b846244933bf25886d95e9ce2d8  Mist-linux32-0-8-7.deb
075dae83299157b309af208c1a233f851e8c633b798c29c5551dc26977d49304  Mist-linux64-0-8-7.deb
d8f5a442292b7a5faf4423a765fd34d4f08913ed59950c12c0c0f4447f64c278  Mist-macosx-0-8-7.dmg
ee4ef1de9c5fc136b76164a8c78c44ba435246c0e795ada412fb75cc4bf87337  Mist-win32-0-8-7.exe
a27e4f83d609b5d5a5935b005de2a25b4ed6f4b2e8a33aa1622d5413660e50c5  Mist-win64-0-8-7.exe


4b61a4a1f4488a72848322d444e374d69ea190519c6e96ee002699d578a3bb5b  Ethereum-Wallet-linux32-0-8-7.deb
1800f51e570353c082f0004cdb349109ff9d1b69d64232bf7d384b244c163837  Ethereum-Wallet-linux64-0-8-7.deb
f9c89ba595ba6db9b976e1747c5355f01608dc09a44409fc1cd2c76b0660852c  Ethereum-Wallet-macosx-0-8-7.dmg
0ded87f21a7cedf39dd205c079c0a545e8dc1961d6303aa17eca44b01dedfc52  Ethereum-Wallet-win32-0-8-7.exe
5cd5ff833743aa031212bc95fd87db1fb54ea703e30adbdb24f11d3218ff4462  Ethereum-Wallet-win64-0-8-7.exe

Ethereum Wallet and Mist Beta 0.8.6

@evertonfraga evertonfraga released this Oct 16, 2016 · 833 commits to master since this release

This Wallet/Mist version contains the Geth 1.4.18 "Note 7", which includes the EIP150 1b/1c Hardfork.

Read this post by @holiman for more info about the hard-fork:


Also, 0.8.6 adds a possibility to update the underlying ethereum client automatically, without need of a new Mist version. It checks the current client version against clientBinaries.json.

Happy forking.

Checksums (SHA256)


ebe7792e8b05e426d5a48f2eedcbfab8526ced786e826d37529162c9980f59cf  Mist-linux32-0-8-6.deb
3060bb63f7c30c2aa9fc3ce082886112176c267c6f5eafc50f8df5937a5eaf59  Mist-linux64-0-8-6.deb
3a66606aad465d8295e29e9711f5e76630c36bfd6064966ed6b7b4c194320acd  Mist-macosx-0-8-6.dmg
39ea243f52346a3fbb988e676e94457a34666e3164666becb0f8e0b424ddbe31  Mist-win32-0-8-6.exe
39c0183c713aa5c150e4643de19749747c36f3dda2de24c99200aeb954f4ab62  Mist-win64-0-8-6.exe


a8f4688b4205b395aad46c4e0a8cfe302d6f18b8271aed1a65599df524ff4288  Ethereum-Wallet-linux32-0-8-6.deb
fe5305ec6f81c44d0a402b355062e6761567f735591c215b5334bab421032b2b  Ethereum-Wallet-linux64-0-8-6.deb
1b72cbeeb439517e7e20fabf9c39bb3263cca78c0074b11a76ea0a0586a51d30  Ethereum-Wallet-macosx-0-8-6.dmg
4665f7d7380b7dd10442d87a000a1c78ea98e3b3737f9cfe2b451dd0518b0b88  Ethereum-Wallet-win32-0-8-6.exe
be1537c91aae7f2afa85ae35f4175b9cde8eaf488c7f69e4dae3563efda9970f  Ethereum-Wallet-win64-0-8-6.exe