Closed Bug 728617 Opened 8 years ago Closed 8 years ago

Update Mozilla to NSS 3.13.3 (and mozilla-10 will need NSPR 4.9)


(Core :: Security: PSM, defect)

10 Branch
Not set



Tracking Status
firefox11 + fixed
firefox12 + fixed
firefox-esr10 11+ fixed
status1.9.2 --- wontfix


(Reporter: KaiE, Assigned: KaiE)



(Whiteboard: [qa-])

Update Mozilla to NSS 3.13.3

The changes between .2 and .3 are minimal.

There are only correctness changes, a fix to active distrust, and a patch to actively distrust the MITM subCAs issued by TrustWave.

The changes can be seen here:

(ignore the generated code in certdata.c - only read certdata.txt)
I have r=rrelyea for the plan to update to 3.13.3
Try build for mozilla-central:

Try build for mozilla-aurora:

Try build for mozilla-beta:
Try build for mozilla-beta:
This updated NSS release actively distrusts the MITM subCA certificates that were issued by Trustwave.

Pushed to mozilla-inbound

Proposed for mozilla-beta (11) and mozilla-aurora (12).
Blocks: 724929
Proposing for the Firefox 10 / 10 esr.
If you do upgrade NSS to this newer release, you must also upgrade NSPR to 4.9.
Summary: Update Mozilla to NSS 3.13.3 → Update Mozilla to NSS 3.13.3 (and mozilla-10 will need NSPR 4.9)
Depends on: 727167
No need to track already-shipped Fx10, but we should land this on ESR when we take it for release (fx11 I hope, if not Fx12). We can live without this on 3.6.x since this would be a bigger upgrade on that branch and it's practically EOL.
Low risk and the security team recommends we take for FF11 and up (m-c, m-a, m-b). Also tracking for the  ESR - this should land ASAP. Please see for how to land on mozilla-esr10. a=akeybl
Assignee: nobody → kaie
Closed: 8 years ago
Resolution: --- → FIXED
Whiteboard: [qa-]
You need to log in before you can comment on or make changes to this bug.