Closed Bug 1688685 Opened 3 months ago Closed 3 months ago

Upgrade Firefox 87 to use NSS 3.62


(Core :: Security: PSM, enhancement, P1)

Firefox 87



Tracking Status
firefox87 --- affected


(Reporter: kjacobs, Assigned: beurdouche)



(4 files)

Tracking NSS 3.62 for Firefox 87. Ultimate tag will be NSS_3_62_RTM.

Assignee: nobody → kjacobs.bugzilla
Pushed by
land NSS 92dcda94c1d4 UPGRADE_NSS_RELEASE, r=bbeurdouche

2021-02-04 Kevin Jacobs <>

* gtests/ssl_gtest/, lib/ssl/ssl3ext.c:
Bug 1690583 - Fix CH padding extension size calculation. r=mt

Bug 1654332 changed the way that NSS constructs Client Hello
messages. `ssl_CalculatePaddingExtLen` now receives a
`clientHelloLength` value that includes the 4B handshake header.
This looks okay per the inline comment (which states that only the
record header is omitted from the length), but the function actually
assumes that the handshake header is also omitted.

This patch removes the addition of the handshake header length.
Those bytes are already included in the buffered CH.

[fc3a4c142c16] [tip]

* automation/abi-check/
Bug 1690421 - Adjust 3.62 ABI report formatting for new libabigail.


2021-02-03 Kevin Jacobs <>

* automation/taskcluster/docker-builds/Dockerfile:
Bug 1690421 - Install packaged libabigail in docker-builds image


2021-01-31 Kevin Jacobs <>

* cmd/selfserv/selfserv.c, cmd/tstclnt/tstclnt.c,
lib/ssl/tls13hashstate.c, lib/ssl/tls13hashstate.h:
Bug 1689228 - Minor ECH -09 fixes for interop testing, fuzzing. r=mt

A few minor ECH -09 fixes for interop testing and fuzzing:
- selfserv now takes a PKCS8 keypair for ECH. This is more
maintainable and significantly less terrible than parsing the
ECHConfigs and cobbling one together within selfserv (e.g. we can
support other KEMs without modifying the server).
- Get rid of the newline character in tstclnt retry_configs output.
- Fuzzer fixes in tls13_HandleHrrCookie:
 - We shouldn't use internal_error when PK11_HPKE_ImportContext fails.
Cookies are unprotected in fuzzer mode, so this can be expected to
 - Only restore the application token when recovering hash state,
otherwise the copy could happen twice, leaking one of the


2021-01-25 Kevin Jacobs <>

* lib/ssl/ssl3exthandle.c:
Bug 1674819 - Fixup a51fae403328, enum type may be signed.

Pushed by
land NSS fc3a4c142c16 UPGRADE_NSS_RELEASE, r=kjacobs
Assignee: kjacobs.bugzilla → bbeurdouche

2021-02-05 Danh <>

* gtests/
Bug 1688374 - Fix parallel build NSS-3.61 with make. r=kjacobs

[a5c857139b37] [NSS_3_62_BETA1]

2021-02-05 Robert Relyea <>

* lib/libpkix/pkix/util/pkix_tools.c:
Bug 1682044 pkix_Build_GatherCerts() + pkix_CacheCert_Add() can
corrupt "cachedCertTable"

Patch by Andrew Cagney Preliminary Review by Ryan Sleevie Tested
against rrelyea. r=kjacobs

(this bug is old)

pkix_Build_GatherCerts() has two code paths for creating the list

 pkix_CacheCert_Lookup() this sets "certsFound" to a new list
"certsFound" and "cachedCertTable" share items but not the list

 pkix_CacheCert_Add(pkix_pl_Pk11CertStore_CertQuery()) this sets
"certsFound" to a new list; and then adds the list to
"cachedCertTable" "certsFound" and "cachedCertTable" share a linked

Because the latter doesn't create a separate list, deleting list
elements from "certsFound" can also delete list elements from within
"cacheCertTable". And if this happens while pkix_CacheCert_Lookup()
is trying to update the same element's reference, a core dump can

In detail (note that reference counts may occasionally seem off by
1, its because data is being captured before function local
variables release their reference):

pkix_Build_GatherCerts() calls pkix_pl_Pk11CertStore_CertQuery()
(via a pointer) to sets "certsFound":

 PKIX_CHECK(getCerts (certStore, state->certSel, state->verifyNode,
&nbioContext, &certsFound, plContext), PKIX_GETCERTSFAILED);

it then calls:

 PKIX_CHECK(pkix_CacheCert_Add (certStore, certSelParams,
certsFound, plContext), PKIX_CACHECERTADDFAILED);
Pushed by

2021-02-19 Benjamin Beurdouche <>

* lib/nss/nss.h, lib/softoken/softkver.h, lib/util/nssutil.h:
Set version numbers to 3.62 final
[a8e045a9fff6] [NSS_3_62_RTM] <NSS_3_62_BRANCH>

2021-02-15 Benjamin Beurdouche <>

* .hgtags:
Added tag NSS_3_62_BETA1 for changeset a5c857139b37
[145c269c82d6] <NSS_3_62_BRANCH>
Pushed by
land NSS NSS_3_62_RTM UPGRADE_NSS_RELEASE, r=beurdouche
Closed: 3 months ago
Keywords: leave-open
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.