What firefox-3.0 was released for sl52 we say the following security 
updates:

> SRPMS:
>   devhelp-0.12-17.el5.src.rpm
>   nss-3.12.0.3-1.el5.src.rpm
>   firefox-3.0-2.el5.src.rpm
>   xulrunner-1.9-1.el5.src.rpm
>   nspr-4.7.1-1.el5.src.rpm
>   yelp-2.16.0-19.el5.src.rpm
...

Later when firefox-3.0.1 was also pushed to sl51, sl50 the set of packages 
updated was:

...
>    SRPMS:
> devhelp-0.12-18.el5.src.rpm
> firefox-3.0.1-1.el5.src.rpm
> xulrunner-1.9.0.1-1.el5.src.rpm
> yelp-2.16.0-20.el5.src.rpm
...

So there were no security updates for nss, nspr at that point, and indeed 
I still seem to have nss-3.11.99.5-2.el5, nspr-4.7.0.99.2-1.el5 as the 
latest versions.

This may be intended, but I notice that on an sl51 box (updated to firefox 
3.0.1) I don't get the "Extended Validation (EV) SSL" stuff appearing in 
the location bar, but I do on a test box running sl52 also using 
firefox-3.0.1

If I update just the nss* packages to the same version as in sl52 then it 
magically works.  I don't know if the nspr security update is also 
actually expected by firefox-3 or not but a trivial test suggests that it 
can be updated to without obvious problems on sl51...

Could/should the nss/nspr errata be pushed to sl51/sl50?

[ anyone who dosn't know about the EV stuff should look at (say) 
https://www.paypal.com/ and see if the box displays a 'run by' message. ]

  -- Jon