
CVE-2023-40580: Mnemonic phrase may be accessed by JavaScript through a private API

Freighter is a Stellar Chrome extension. It may be possible for a malicious website to access the recovery mnemonic phrase when the Freighter wallet is unlocked. This vulnerability impacts access control to the mnemonic recovery phrase. This issue was patched in version 5.3.1.


Impact

This vulnerability impacts access control to the mnemonic recovery phrase. It may be possible in some cases for a malicious website to access the recovery mnemonic phrase when the Freighter wallet is unlocked.
There is no evidence this security issue was exploited in the wild.

Patches

Freighter wallet 5.3.1 no longer allows JavaScript to access the mnemonic phrase through the private API. The extension automatically updates when a new version is published. Every Freighter wallet should be up-to-date with the security patch.
As a reminder, users should never install the application outside of the official extension stores.

References

Pull Request: #948
