The NSS team has released Network Security Services (NSS) 3.53.1 on 16 June 2020. This is a security patch release.
Thank you to Sohaib ul Hassan, Billy Bob Brumley, and the Network and Information Security Group (NISEC) at Tampere University for reporting this issue and providing a patch. The HG tag is NSS_3_53_1_RTM. NSS 3.53.1 requires NSPR 4.25 or newer. NSS 3.53.1 source distributions are available on ftp.mozilla.org for secure HTTPS download: https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_53_1_RTM/src/ Bugs fixed in NSS 3.53.1 - Bug 1631597 (CVE-2020-12402) - Use constant-time GCD and modular inversion in MPI. Full release notes are available at https://wiki.developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.53.1_release_notes -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto