Retour au portail de sécurité
Insufficient field size check in Protobuf
Signalé sur July 12, 2021
Without this check, an attacker could trick the user into signing a Stellar transaction moving their assets while thinking they are signing a ManageData transaction. Fixed in firmware 1.10.3.
Vulnérabilités résolues
Signalé par la communauté. Examiné. Résolu. Parce que votre sécurité n’est jamais optionnelle.
- Inability to cancel certain flows on pre-production firmwareOctober 31, 2025
- Donjon's Trezor Safe 3 evaluationNovember 12, 2024
- Missing confirmation in the ECDHSessionKey callNovember 26, 2023
- XSS in Trezor Connect legacy versionsFebruary 7, 2023
- XSS in Trezor ConnectAugust 3, 2020
- Missing path isolation checkJuly 14, 2020