Ethereum Wallet and Mist Beta 0.8.7

@evertonfraga evertonfraga released this Oct 26, 2016 · 94 commits to master since this release

This is a security fix.

Mist users are highly recommended to update in order to keep account integrity when browsing through untrusted Dapps. Ethereum Wallet is not affected. See below.

Some Mist API methods were exposed, making it possible that malicious webpages get access to a privileged interface that could delete files on the local filesystem or launch registered protocol handlers and obtain sensitive information, such as the user directory or the user's coinbase.

Previously vulnerable exposed Mist APIs:

  • mist.dirname
  • mist.syncMinimongo
  • web3.eth.coinbase is now null, if the account is not allowed for the dapp

Upgrade to this version of the Mist Browser. Do not use any previous Mist version to navigate to any untrusted webpage, or local webpages from unknown origins. Ethereum Wallet is not affected as it doesn't allow navigation to external pages.

This is a good reminder that currently Mist is considered only for Ethereum App Development and should not be used for end users to navigate on the open web until it is reached at least version 1.0. An external audit of Mist is scheduled.

We'd like to thank the vulnerability discoverer Tintinweb for his responsible disclosure and remind everyone that we have a bounty program at

Checksums (SHA-256)


f464b15ea1179efff96d81c568b5991cf09c6b846244933bf25886d95e9ce2d8  Mist-linux32-0-8-7.deb
075dae83299157b309af208c1a233f851e8c633b798c29c5551dc26977d49304  Mist-linux64-0-8-7.deb
d8f5a442292b7a5faf4423a765fd34d4f08913ed59950c12c0c0f4447f64c278  Mist-macosx-0-8-7.dmg
ee4ef1de9c5fc136b76164a8c78c44ba435246c0e795ada412fb75cc4bf87337  Mist-win32-0-8-7.exe
a27e4f83d609b5d5a5935b005de2a25b4ed6f4b2e8a33aa1622d5413660e50c5  Mist-win64-0-8-7.exe


4b61a4a1f4488a72848322d444e374d69ea190519c6e96ee002699d578a3bb5b  Ethereum-Wallet-linux32-0-8-7.deb
1800f51e570353c082f0004cdb349109ff9d1b69d64232bf7d384b244c163837  Ethereum-Wallet-linux64-0-8-7.deb
f9c89ba595ba6db9b976e1747c5355f01608dc09a44409fc1cd2c76b0660852c  Ethereum-Wallet-macosx-0-8-7.dmg
0ded87f21a7cedf39dd205c079c0a545e8dc1961d6303aa17eca44b01dedfc52  Ethereum-Wallet-win32-0-8-7.exe
5cd5ff833743aa031212bc95fd87db1fb54ea703e30adbdb24f11d3218ff4462  Ethereum-Wallet-win64-0-8-7.exe