.. _mozilla_projects_nss_nss_3_123_release_notes:

NSS 3.123 release notes
=======================

`Introduction <#introduction>`__
--------------------------------

.. container::

   Network Security Services (NSS) 3.123 was released on **16 April 2026**.

`Distribution Information <#distribution_information>`__
--------------------------------------------------------

.. container::

   The HG tag is NSS_3_123_RTM. NSS 3.123 requires NSPR 4.38.2 or newer.

   NSS 3.123 source distributions are available on ftp.mozilla.org for secure HTTPS download:

   - Source tarballs:
     https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_123_RTM/src/

   Other releases are available :ref:`mozilla_projects_nss_releases`.

.. _changes_in_nss_3.123:

`Changes in NSS 3.123 <#changes_in_nss_3.123>`__
------------------------------------------------------------------

.. container::

   - Bug 2023202 - Add gtests for SSL_ReconfigFD covering certs, ALPN, PSK, and double-reconfig.
   - Bug 2022410 - handle client cert callback completion prior to server Finished.
   - Bug 2023202 - Extract ssl_CopySocketConfig() to remove duplicate logic in SSL_ReconfigFD.
   - Bug 2030135 - improve error handling in PK11_ImportPrivateKeyInfoAndReturnKey (NSS 3.90.5).
   - Bug 2029462 - store email on subject cache_entry in NSS trust domain.
   - Bug 2029425 - Heap use-after-free in cert_VerifyCertChainOld via dangling certsList[] entry on NameConstraints violation.
   - Bug 2029323 - Improve size calculations in CMS content buffering.
   - Bug 2028001 - avoid integer overflow while escaping RFC822 Names.
   - Bug 2027378 - Reject excessively large ASN.1 SEQUENCE OF in quickder.
   - Bug 2027365 - Deep copy profile data in CERT_FindSMimeProfile.
   - Bug 2027345 - Improve input validation in DSAU signature decoding.
   - Bug 2026089 - Clarify extension negotiation mechanism for TLS Handshakes (NSS 3.90.5).
   - Bug 2023209 - ensure permittedSubtrees don't match wildcards that could be outside the permitted tree r?jschanck.
   - Bug 2009552 - avoid integer overflow in platform-independent ghash.
   - Bug 1935995 - make ss->ssl3.hs.cookie an owned-copy of the cookie.
   - Bug 2030135 - improve error handling in PK11_ImportPrivateKeyInfoAndReturnKey.
   - Bug 2029752 - Improving the allocation of S/MIME DecryptSymKey.
   - Bug 2026311 - avoid integer overflow in RSA_EMSAEncodePSS.
   - Bug 2019357 - RSA_EMSAEncodePSS should validate the length of mHash r?nkulatova.
   - Bug 2026156 - Add a maximum cert uncompressed len and tests.
   - Bug 2026089 - Clarify extension negotiation mechanism for TLS Handshakes.
   - Bug 2023207 - Fix integer underflow in tls13_AEAD when ciphertext is shorter than tag.
   - Bug 2019224 - Remove invalid PORT_Free(), r?#nss-reviewers,djackson.
   - Bug 1964722 - free digest objects in SEC_PKCS7DecoderFinish if they haven't already been freed r?#nss-reviewers.
   - Bug 2027382 - Reject oversized inputs in UTF-8 conversion functions.
   - Bug 1998526 - Align PKCS7 digest array with digestAlgorithms.
   - Bug 2030729 - remove SEC_ASN1_CHOICE entries from PQ private key templates.
   - Bug 2029782 - fix 8-byte over-read of AES-192 key buffer in x86 builds without USE_HW_AES.
   - Bug 2031163 - set PK11_ChangePW error after PK11_InitToken.
   - Bug 2026025 - Extend ./mach tests & all.sh to pretty print their output.
   - Bug 2029720 - avoid integer overflow when converting AVA value to hex string.
   - Bug 2030979 - handle SEC_ASN1_NULL in sec_asn1e_contents_length.
   - Bug 2027329 - PK11SDR_Decrypt: allowlist supported encryption algorithms.
   - Bug 2029783 - fix use of PORT_ArenaGrow when decoding multi-chunk PKCS#7 EncryptedData with no content callback.
   - Bug 2029818 - avoid refcount over-release in CERT_CertChainFromCert error path.
   - Bug 2030794 - avoid memory leak in SECITEM_FreeArray.
   - Bug 2027847 - Set nssckbi version to 2.86.
   - Bug 2027847 - Remove FIRMAPROFESIONAL CA ROOT-A WEB from NSS.
   - Bug 2020164 - Remove GLOBALTRUST 2020 from NSS.
   - Bug 2020151 - Remove TeliaSonera Root CA v1 from NSS.
   - Bug 2020144 - Remove Six Viking Cloud Root CAs from NSS.
   - Bug 2020137 - Turn off certain Trust Bits in NSS for Five GTS CAs.
   - Bug 2017471 - Remove Websites Trust Bit from SwissSign Gold CA - G2.
   - Bug 2017468 - Remove OU=certSIGN ROOT CA from NSS.
   - Bug 2017464 - Remove Websites Trust Bit from Root CN=Certigna.
   - Bug 2017460 - Remove AffirmTrust Roots from NSS.
   - Bug 2017453 - Remove Websites Trust Bit from DigiCert 2006 Roots.
   - Bug 2017348 - Remove Websites Trust Bit from Entrust Root Certification Authority – G2 & EC1.
   - Bug 2017345 - Remove Websites Trust Bit from COMODO Certification Authority.
   - Bug 2017322 - Set CKA_NSS_SERVER_DISTRUST_AFTER for CN=Izenpe.com.
   - Bug 2016750 - Remove Email Trust Bit from Four Amazon Root CAs.
   - Bug 2029431 - avoid signed int overflow in CTS_EncryptUpdate.
   - Bug 2030100 - VerifyCodeSigningCertificateChain: require at least one certificate.
   - Bug 2029721 - fix use of uninitialised length after failed PK11_SignWithMechanism.
   - Bug 2029731 - modify linked-list only on success in CERT_AddExtensionByOID.
   - Bug 2029746 - reject oversized DSA subPrime values.
   - Bug 2029740 - check object handle types in NSC_EncapsulateKey and NSC_DecapsulateKey.
   - Bug 2029448 - enforce minimum buffer length in sftk_CheckCBCPadding.
   - Bug 2029432 - validate parameter length in sftk_ChaCha20_Poly1305_Message_Encrypt.
   - Bug 2029771 - Heap use-after-free in [@ token_destructor] reading tok->pk11slot after nssToken_Destroy frees the token arena.
   - Bug 2029774 - Invalid free of arena-interior pointer in [@ DSA_NewRandom] due to inverted arena guard.
   - Bug 2029885 - avoid leaving dangling pointer in tls_DestroySignOrVerifyContext.
   - Bug 2022059 - NSS can't import, store, or export ml-kem keys.
   - Bug 2029439 - fix instances of softoken attributes freed after owning object.
   - Bug 2027381 - improve error handling in SECITEM_DupArray with non-null arena.
   - Bug 2027324 - NSS_CMSContentInfo_SetContent: only modify cinfo if everything succeeds.
   - Bug 2027363 - initialize src in SEC_PKCS5GetIV.
   - Bug 2029046 - clang format.
   - Bug 2029046 - changes to allow building gtests from mozilla-central.
   - Bug 2029182 - split database creation scripts out of ssl_gtests.sh and gtests.sh.
   - Bug 2017948 - handleObjects in Softoken needs cleanup.
   - Bug 2027383 - fix maxSize calculation in NSSUTIL_AddNSSFlagToModuleSpec.
   - Bug 2029023 - add missing breaks in CheckECDHShareReuse test helper.
   - Bug 2027434 - avoid integer underflow in sec_CreateRSAPSSParameters.
   - Bug 2007224 - mlDsaPubTemplate is missing a CKA_ENCAPSULATE entry.
   - Bug 2024530 - Add clang-tidy CI job with security-focused checks.
   - Bug 1834672 - Adjust PBE iteration limit.
   - Bug 2025100 - Update Botan version for cryptofuzz.
   - Bug 2017788 - FIPS indicators need to take into account target keys.
   - Bug 1965329 - add failure checks to pk11_mergeTrust().
   - Bug 2024785 - consistently protect SFTKSlot.{isLoggedIn,ssoLoggedIn,needLogin} with slotLock.
   - Bug 2025098 - Part 2: Always return unique nickname for PKCS12 fuzzer.
   - Bug 2025098 - Part 1: Simplify fuzzer MAC verification to always pass.
   - Bug 1834672 - Limit PBE iteration count.
   - Bug 2025801 - TLS interoperability tests - fix gnutls flakiness and extend to all platforms.
   - Bug 2012680 - improve DER_GetInteger error handling.
   - Bug 2017987 - Fix missing zero-init in generate_blinding_params.
   - Bug 2017987 - Need "partial public key validation" for RSA OAEP in FIPS mode.