Network Security Services (NSS) 3.117 was released on 3 October 2025.
The HG tag is NSS_3_117_RTM. This version of NSS requires NSPR 4.37 or newer. The latest version of NSPR is 4.37.
NSS 3.117 source distributions are available on
ftp.mozilla.org for secure HTTPS download:
<
https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_117_RTM/src/>
Changes:
- Bug 1992218 - fix memory leak in secasn1decode_unittest.cc.
- Bug 1988913 - Add OISTE roots.
- Bug 1976051 - Add runbook for certdata.txt changes.
- Bug 1991666 - dbtool: close databases before shutdown.
- Bug 1988046 - SEC_ASN1Decode* should ensure it has read as many bytes as each length field indicates.
- Bug 1956754 - don’t flush base64 when buffer is null.
- Bug 1989541 - Set use_pkcs5_pbkd2_params2_only=1 for fuzzing builds.
- Bug 1989480 - mozilla::pkix: recognize the qcStatements extension for QWACs.
- Bug 1980465 - Fix a big-endian-problematic cast in zlib calls.
- Bug 1962321 - Revert removing out/ directory after ossfuzz build.
- Bug 1988524 - Add Cryptofuzz to OSS-Fuzz build.
- Bug 1984704 - Add PKCS#11 trust tests.
- Bug 1983308 - final disable dsa patch cert.sh.
- Bug 1983320 - ml-dsa: move tls 1.3 to use streaming signatures.
- Bug 1983320 - ml-dsa: Prep Create a FindOidTagByString function.
- Bug 1983320 - ml-dsa: softoken changes.
- Bug 1983320 - ml-dsa: der key decode.
- Bug 1983320 - ml-dsa: Prep colapse the overuse of keyType outside of pk11wrap and cryptohi.
- Bug 1983320 - ml-dsa: Prep Create a CreateSignatureAlgorithmID function.
NSS
3.117 shared libraries are backwards-compatible with all older NSS
3.x shared libraries. A program linked with older NSS 3.x shared
libraries will work with this new version of the shared libraries
without recompiling or relinking. Furthermore, applications that
restrict their use of NSS APIs to the functions listed in NSS Public
Functions will remain compatible with future versions of the NSS shared
libraries.
Bugs discovered should be reported by filing a bug report at <
https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>
Release notes are available at <
https://firefox-source-docs.mozilla.org/security/nss/releases/index.html>.