Note: There are a few cases of duplicates in user autocompletion which are being worked on.

Update Mozilla to NSS 3.13.3 (and mozilla-10 will need NSPR 4.9)

RESOLVED FIXED in Firefox 11

Status

()

Core
Security: PSM
RESOLVED FIXED
6 years ago
6 years ago

People

(Reporter: kaie, Assigned: kaie)

Tracking

10 Branch
mozilla13
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(firefox11+ fixed, firefox12+ fixed, firefox-esr1011+ fixed, status1.9.2 wontfix)

Details

(Whiteboard: [qa-])

(Assignee)

Description

6 years ago
Update Mozilla to NSS 3.13.3

The changes between .2 and .3 are minimal.

There are only correctness changes, a fix to active distrust, and a patch to actively distrust the MITM subCAs issued by TrustWave.

The changes can be seen here:
https://hg.mozilla.org/try/rev/98c45fd7c1a2

(ignore the generated code in certdata.c - only read certdata.txt)
(Assignee)

Comment 1

6 years ago
I have r=rrelyea for the plan to update to 3.13.3
(Assignee)

Comment 2

6 years ago
Try build for mozilla-central:
https://tbpl.mozilla.org/?tree=Try&rev=98c45fd7c1a2

Try build for mozilla-aurora:
https://tbpl.mozilla.org/?tree=Try&rev=85d6d69c5b46

Try build for mozilla-beta:
(Assignee)

Comment 3

6 years ago
Try build for mozilla-beta:
https://tbpl.mozilla.org/?tree=Try&rev=451b32b497bf
(Assignee)

Comment 4

6 years ago
This updated NSS release actively distrusts the MITM subCA certificates that were issued by Trustwave.

Pushed to mozilla-inbound
https://hg.mozilla.org/integration/mozilla-inbound/rev/b0904160af18

Proposed for mozilla-beta (11) and mozilla-aurora (12).
Blocks: 724929
tracking-firefox11: --- → ?
tracking-firefox12: --- → ?
(Assignee)

Comment 5

6 years ago
Proposing for the Firefox 10 / 10 esr.
If you do upgrade NSS to this newer release, you must also upgrade NSPR to 4.9.
tracking-firefox-esr10: --- → ?
tracking-firefox10: --- → ?
Summary: Update Mozilla to NSS 3.13.3 → Update Mozilla to NSS 3.13.3 (and mozilla-10 will need NSPR 4.9)
(Assignee)

Updated

6 years ago
Depends on: 727167
No need to track already-shipped Fx10, but we should land this on ESR when we take it for release (fx11 I hope, if not Fx12). We can live without this on 3.6.x since this would be a bigger upgrade on that branch and it's practically EOL.
status1.9.2: --- → wontfix
tracking-firefox10: ? → ---

Comment 7

6 years ago
Low risk and the security team recommends we take for FF11 and up (m-c, m-a, m-b). Also tracking for the  ESR - this should land ASAP. Please see https://wiki.mozilla.org/Release_Management/ESR_Landing_Process for how to land on mozilla-esr10. a=akeybl
tracking-firefox-esr10: ? → 11+
tracking-firefox11: ? → +
tracking-firefox12: ? → +

Comment 8

6 years ago
https://hg.mozilla.org/mozilla-central/rev/b0904160af18
Assignee: nobody → kaie
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → FIXED
(Assignee)

Comment 9

6 years ago
https://hg.mozilla.org/releases/mozilla-aurora/rev/487e88c24549
https://hg.mozilla.org/releases/mozilla-beta/rev/68833cd025b8
status-firefox11: --- → fixed
status-firefox12: --- → fixed
(Assignee)

Comment 10

6 years ago
https://hg.mozilla.org/releases/mozilla-esr10/rev/086c15bbfa7b
status-firefox-esr10: --- → fixed
Whiteboard: [qa-]
You need to log in before you can comment on or make changes to this bug.