3 files changed, 23 insertions, 1 deletions

diff --git a/CHANGELOG.md b/CHANGELOG.md
index d7b6316db..c9149287f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,7 @@
 
 - Now redirects from known malicious sites faster.
 - Added a link to our new support page to the help screen.
+- Fixed bug where a new transaction would be shown over the current transaction, creating a possible timing attack against user confirmation.
 
 ## 3.9.0 2017-7-12
 
diff --git a/test/unit/tx-helper-test.js b/test/unit/tx-helper-test.js
new file mode 100644
index 000000000..cc6543c30
--- /dev/null
+++ b/test/unit/tx-helper-test.js
@@ -0,0 +1,17 @@
+const assert = require('assert')
+const txHelper = require('../../ui/lib/tx-helper')
+
+describe('txHelper', function () {
+  it('always shows the oldest tx first', function () {
+    const metamaskNetworkId = 1
+    const txs = {
+      a: { metamaskNetworkId, time: 3 },
+      b: { metamaskNetworkId, time: 1 },
+      c: { metamaskNetworkId, time: 2 },
+    }
+
+    const sorted = txHelper(txs, null, null, metamaskNetworkId)
+    assert.equal(sorted[0].time, 1, 'oldest tx first')
+    assert.equal(sorted[2].time, 3, 'newest tx last')
+  })
+})
diff --git a/ui/lib/tx-helper.js b/ui/lib/tx-helper.js
index ec19daf64..afc62e7b6 100644
--- a/ui/lib/tx-helper.js
+++ b/ui/lib/tx-helper.js
@@ -12,6 +12,10 @@ module.exports = function (unapprovedTxs, unapprovedMsgs, personalMsgs, network)
   const personalValues = valuesFor(personalMsgs)
   log.debug(`tx helper found ${personalValues.length} unsigned personal messages`)
   allValues = allValues.concat(personalValues)
+  allValues = allValues.sort((a, b) => {
+    return a.time > b.time
+  })
 
-  return allValues.sort(txMeta => txMeta.time)
+  return allValues
 }
+