Open Bug 1561368 Opened 6 months ago Updated 2 months ago

NSS should delete key3.db after a successful migration to key4.db


(NSS :: Libraries, defect, P3)



(Not tracked)


(Reporter: KaiE, Unassigned)



The Mozilla applications migrated from key3/dbm to key4/sql.

Because of bug CVE-2018-12383 Firefox implemented code that deletes key3.db after a migration has "apparently" happened. Firefox uses the presence of a key4.db file to conclude that migration has happened (for full details, see ). However, despite the presence of key4.db the migration might still be incomplete.

This behavior has caused problems for Thunderbird, see bug 1510212, which is why we have backed out that Firefox code for TB 60.x, and keep the key3.db file. We'll probably do the same for TB 68.x, bug 1561366.

The correct solution is to change NSS. Only after NSS knows that it has successfully completed the migration, it should clean up the key3.db file.

Priority: -- → P3
You need to log in before you can comment on or make changes to this bug.