from security\nss\cmd\lib\secutil.c: ... case PW_PLAINTEXT: return PL_strdup(arg); when it actually should be: case PW_PLAINTEXT: return PL_strdup(pwdata->data);
Thanks for the bug report. This bug is already fixed (secutil.c, rev. 1.24, by Ian McGreer). The fix is in NSS 3.2.2 and NSS 3.3.1 but is not in NSS 3.3. Therefore I am setting the target milestone to 3.2.2. Are you using NSS 3.2.1 or NSS 3.3?
I'm using 3.3, my bad.
Please upgrade to NSS 3.3.1. See the release notes (http://www.mozilla.org/projects/security/pki/nss/release_notes_331.html) for information on CVS tag and where to download the source tarball and pre-compiled binary distributions. I just added this bug to the "Bugs Fixed" section in the NSS 3.3.1 release notes. (We didn't open a bug report when we fixed the bug.)