Closed
Bug 728617
Opened 12 years ago
Closed 12 years ago
Update Mozilla to NSS 3.13.3 (and mozilla-10 will need NSPR 4.9)
Categories
(Core :: Security: PSM, defect)
Tracking
()
RESOLVED
FIXED
mozilla13
People
(Reporter: KaiE, Assigned: KaiE)
References
Details
(Whiteboard: [qa-])
Update Mozilla to NSS 3.13.3 The changes between .2 and .3 are minimal. There are only correctness changes, a fix to active distrust, and a patch to actively distrust the MITM subCAs issued by TrustWave. The changes can be seen here: https://hg.mozilla.org/try/rev/98c45fd7c1a2 (ignore the generated code in certdata.c - only read certdata.txt)
Assignee | ||
Comment 1•12 years ago
|
||
I have r=rrelyea for the plan to update to 3.13.3
Assignee | ||
Comment 2•12 years ago
|
||
Try build for mozilla-central: https://tbpl.mozilla.org/?tree=Try&rev=98c45fd7c1a2 Try build for mozilla-aurora: https://tbpl.mozilla.org/?tree=Try&rev=85d6d69c5b46 Try build for mozilla-beta:
Assignee | ||
Comment 3•12 years ago
|
||
Try build for mozilla-beta: https://tbpl.mozilla.org/?tree=Try&rev=451b32b497bf
Assignee | ||
Comment 4•12 years ago
|
||
This updated NSS release actively distrusts the MITM subCA certificates that were issued by Trustwave. Pushed to mozilla-inbound https://hg.mozilla.org/integration/mozilla-inbound/rev/b0904160af18 Proposed for mozilla-beta (11) and mozilla-aurora (12).
Assignee | ||
Comment 5•12 years ago
|
||
Proposing for the Firefox 10 / 10 esr. If you do upgrade NSS to this newer release, you must also upgrade NSPR to 4.9.
tracking-firefox-esr10:
--- → ?
tracking-firefox10:
--- → ?
Summary: Update Mozilla to NSS 3.13.3 → Update Mozilla to NSS 3.13.3 (and mozilla-10 will need NSPR 4.9)
Comment 6•12 years ago
|
||
No need to track already-shipped Fx10, but we should land this on ESR when we take it for release (fx11 I hope, if not Fx12). We can live without this on 3.6.x since this would be a bigger upgrade on that branch and it's practically EOL.
status1.9.2:
--- → wontfix
tracking-firefox10:
? → ---
Comment 7•12 years ago
|
||
Low risk and the security team recommends we take for FF11 and up (m-c, m-a, m-b). Also tracking for the ESR - this should land ASAP. Please see https://wiki.mozilla.org/Release_Management/ESR_Landing_Process for how to land on mozilla-esr10. a=akeybl
Comment 8•12 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/b0904160af18
Assignee: nobody → kaie
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Assignee | ||
Comment 9•12 years ago
|
||
https://hg.mozilla.org/releases/mozilla-aurora/rev/487e88c24549 https://hg.mozilla.org/releases/mozilla-beta/rev/68833cd025b8
status-firefox11:
--- → fixed
status-firefox12:
--- → fixed
Assignee | ||
Comment 10•12 years ago
|
||
https://hg.mozilla.org/releases/mozilla-esr10/rev/086c15bbfa7b
status-firefox-esr10:
--- → fixed
You need to log in
before you can comment on or make changes to this bug.
Description
•