Zpět na portál zabezpečení
Insufficient field size check in Protobuf
Nahlášeno July 12, 2021
Without this check, an attacker could trick the user into signing a Stellar transaction moving their assets while thinking they are signing a ManageData transaction. Fixed in firmware 1.10.3.
Vyřešené zranitelnosti
Nahlášeno komunitou. Prošetřeno. Vyřešeno. Protože vaše bezpečnost není nikdy volitelná.
- Inability to cancel certain flows on pre-production firmwareOctober 31, 2025
- Donjon's Trezor Safe 3 evaluationNovember 12, 2024
- Missing confirmation in the ECDHSessionKey callNovember 26, 2023
- XSS in Trezor Connect legacy versionsFebruary 7, 2023
- XSS in Trezor ConnectAugust 3, 2020
- Missing path isolation checkJuly 14, 2020