**Beta/Release Uplift Approval Request** • **User impact if declined:** For users with certain third-party PKCS11 modules, the browser may become unresponsive and fail to load websites over HTTPS. (Bug 1682881) • **Is this code covered by automated tests?:** Yes, but using certain third-party PKCS11 modules is what triggers the deadlock. There is no test that reproduces this. • **Has the fix been verified in Nightly?:** Yes. The code landed in m-c in https://hg.mozilla.org/mozilla-central/rev/bc61343b5d68. Verified in Beta. • **List of other uplifts needed:** None. • **Risk to taking this patch:** Low-medium. The bugfix code has not been run in release yet, but it seems to have stopped these crash reports in 85. • **Why is the change risky/not risky? (and alternatives if risky):** The fix landed in Nightly 85 and is now in Beta. It has been verified with both Firefox and curl using NSS. It’s a (relatively) simple relaxation of the locking order that seems to have caused the deadlock. • **String changes made/needed:** None
Bug 1683004 Comment 3 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
**Beta/Release Uplift Approval Request** • **User impact if declined:** For users with certain third-party PKCS11 modules, the browser may become unresponsive and fail to load websites over HTTPS. (Bug 1682881) • **Is this code covered by automated tests?:** Yes, but using certain third-party PKCS11 modules is what triggers the deadlock. There is no test that reproduces this. • **Has the fix been verified in Nightly?:** Yes. The code landed in m-c in https://hg.mozilla.org/mozilla-central/rev/bc61343b5d68. Verified in Beta. • **List of other uplifts needed:** None. • **Risk to taking this patch:** Low-medium. The bugfix code has not been run in release yet, but it seems to have stopped these crash reports in 85. • **Why is the change risky/not risky? (and alternatives if risky):** The fix landed in Nightly 85 and is now in Beta. It has been verified with both Firefox and curl using NSS. It's a relatively simple relaxation of the previous patch, removing the nested locking that caused the deadlock. • **String changes made/needed:** None
(below)