Closed Bug 632631 Opened 13 years ago Closed 6 months ago

Resource information of NSS DLLs is inconsistent with other files & with Authenticode signatures

Categories

(NSS :: Libraries, defect, P5)

Product:
NSS
Component:
Libraries
Platform:
x86
Windows 7
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX

People

(Reporter: briansmith, Unassigned)

References

Details

Example: The DLL's CompanyName is "Mozilla Foundation" but these DLLs will be signed with a cert issued to "Mozilla Corporation."

The resource information for other executables and DLLs shipped with Firefox is also inconsistent with the resource information for the NSS DLLs. For example, the other DLLs contain license and trademark notes. I am not sure how important it is for this to be consistent.

I filed this in the NSS component because my understanding is that the Mozilla-signed NSS DLLs will be the "official", FIPS-validated executables for Windows (at least for Softoken and/or FreeBL).
We can change CompanyName to just "Mozilla".

We intentionally omitted all optional strings such as LegalCopyright
and LegalTrademarks to avoid this very issue.

The strings in the version info resource can be modified in a compiled
DLL.  I found several commercial tools with a web search.
Severity: minor → S4
Status: NEW → RESOLVED
Closed: 6 months ago
Priority: -- → P5
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.