2020 Nomination for Best Cryptographic Attack
The Curious Case of WebCrypto Diffie-Hellman on Firefox - Small Subgroups Key Recovery Attack on Diffie-Hellman
Mozilla Firefox prior to version 72 is vulnerable to the Small Subgroups Key Recovery Attack on DH in its WebCrypto API. Firefox is the only browser to implement DH over finite fields in its WebCrypto API. The Firefox team fixed the issue by completely removing support for DH over finite fields.
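
For implementations that keep finite-field DH, the usual defence against this class of attack is to validate the peer's public value before using it. The sketch below is an added example, not code from Firefox or from the nominated research; the toy group (p = 31, q = 5, g = 2) and all function names are constructed for illustration, and real deployments use standardised groups with far larger primes.

```javascript
// Added example: toy parameters, constructed for illustration only.
// p = 31, so p - 1 = 30 = 2 * 3 * 5; g = 2 generates the subgroup of prime order q = 5.
const TOY_GROUP = { p: 31n, q: 5n, g: 2n };

// Square-and-multiply modular exponentiation on BigInt.
function modPow(base, exp, mod) {
  let result = 1n;
  base %= mod;
  while (exp > 0n) {
    if (exp & 1n) result = (result * base) % mod;
    base = (base * base) % mod;
    exp >>= 1n;
  }
  return result;
}

// Range check only: rejects 0, 1 and p - 1, but not other small-order elements.
function inRange(y, { p }) {
  return y >= 2n && y <= p - 2n;
}

// Full validation: range check plus membership in the order-q subgroup.
function validatePublicValue(y, group) {
  if (typeof y !== "bigint") return false;
  if (!inRange(y, group)) return false;
  return modPow(y, group.q, group.p) === 1n;
}

// Derive the shared secret only after the peer's value passes validation.
function deriveShared(privateExp, peerY, group) {
  if (!validatePublicValue(peerY, group)) {
    throw new Error("peer public value rejected: not in the order-q subgroup");
  }
  return modPow(peerY, privateExp, group.p);
}
```

In this toy group the value 5 has order 3: it passes the range check but fails the subgroup check, which is why the range check alone is not sufficient when p - 1 has small factors.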