tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

nss_3_119.rst (2788B)

      1 .. _mozilla_projects_nss_nss_3_119_release_notes:
      2 
      3 NSS 3.119 release notes
      4 ========================
      5 
      6 `Introduction <#introduction>`__
      7 --------------------------------
      8 
      9 .. container::
     10 
     11   Network Security Services (NSS) 3.119 was released on *4 December 2025**.
     12 
     13 `Distribution Information <#distribution_information>`__
     14 --------------------------------------------------------
     15 
     16 .. container::
     17 
     18   The HG tag is NSS_3_119_RTM. NSS 3.119 requires NSPR 4.38.2 or newer.
     19 
     20   NSS 3.119 source distributions are available on ftp.mozilla.org for secure HTTPS download:
     21 
     22   -  Source tarballs:
     23      https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_119_RTM/src/
     24 
     25   Other releases are available :ref:`mozilla_projects_nss_releases`.
     26 
     27 .. _changes_in_nss_3.119:
     28 
     29 `Changes in NSS 3.119 <#changes_in_nss_3.119>`__
     30 ------------------------------------------------------------------
     31 
     32 .. container::
     33 
     34   - Bug 1983320 - Fix ml-dsa return value for  SECKEY_PrivateKeyStrengthInBits.
     35   - No bug - clang format.
     36   - Bug 1986352 - Make sure we don't accept ECH if the HRR cookie is ill-formatted.
     37   - Bug 2002246: Add a pkcs12 fuzzer with crypto stubbed out.
     38   - Bug 2003314 - handle errors while setting sanitizers cflags in build.
     39   - Bug 1986912 - Ignore IVs for AES KW.
     40   - Bug 2003286: Update Cryptofuzz version.
     41   - Bug 2001932 - Fix incorrect logic for SNI selection when ECH is available but disabled.
     42   - Bug 1975855 - fix forwarding of sqlite_libs in sqlite.gyp.
     43   - Bug 1999204 - fix CPU_ARCH setting for arm64 makefile builds.
     44   - Bug 1998094 - remove unused calcThreads variable from cmd/rsaperf.
     45   - Bug 1978348 - Solving the incorrect tests introduced by extending EKU.
     46   - Bug 1972054: Memory leaks in pkcs12 and pkcs7 decoders.
     47   - Bug 1978348 - Extending parsing with Microsoft Document Signing EKU.
     48   - Bug 1978348 - Extending parsing with Adobe Document Signing EKU.
     49   - Bug 1978348 - Extending pkix parsing with document signing EKUs.
     50   - Bug 2000737 - fix compilation failure on ia32.
     51   - Bug 2000737 - use hardware x64 GCM in static builds.
     52   - Bug 2000737 - separate ppc sha512 library from ppc gcm library.
     53   - Bug 2000737 - simplify cross-compilation from build.sh.
     54   - Bug 1724353 - use clang's integrated assembler.
     55   - Bug 2000737 - remove unused MP_IS_LITTLE_ENDIAN defines.
     56   - Bug 2000737 - fix logic for disabling altivec in gyp builds.
     57   - Bug 1964722 - free digest objects in SEC_PKCS7DecoderFinish if they haven't already been freed.
     58   - Bug 1972825 - Add TLS interoperability tests with openssl and gnutls.
     59   - Bug 1314849 - Ensure we don't send a DTLS1.3 cookie after DTLS1.2 HelloVerifyRequest.
     60   - Bug 1965329 - add failure checks to pk11_mergeTrust() .
     61   - Bug 1999517 - pk11wrap selects incorrect slot for CKM_ML_KEM*.