CVE-2026-46654 Plonky3 MultiField32Challenger: transcript malleability and challenge entropy loss

Plonky3 is a toolkit for polynomial IOPs PIOPs. Prior to versions 0.4.3 and 0.5.3, an attacker controlling prover-side observations can craft distinct transcripts that produce identical challenges, breaking the binding property of Fiat-Shamir. This issue has been patched in versions 0.4.3 and 0.5...

Debian Security Advisory DSA 1671-1 (iceweasel)

The remote host is missing an update to iceweasel announced via advisory DSA 1671-1. OpenVAS Vulnerability Test $Id: deb16711.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1671-1 iceweasel Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...

Mozilla -moz-binding property bypasses security checks on codebase principals

Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the protection mechanism for codebase principals and execute arbitrary script via the -moz-binding CSS property in a signed JAR file...