Hi Jon, You are indeed correct now that I look at things. We had the firefox and all it's dependencies in the testing area for a while, and it looks like the nss and nspr were updated without the testing ones being updated. I want to verify that this fixes the problem. I am looking at the paypal site, but I don't know where the "run by" message is. Troy Jon Peatfield wrote: > What firefox-3.0 was released for sl52 we say the following security > updates: > >> SRPMS: >> devhelp-0.12-17.el5.src.rpm >> nss-3.12.0.3-1.el5.src.rpm >> firefox-3.0-2.el5.src.rpm >> xulrunner-1.9-1.el5.src.rpm >> nspr-4.7.1-1.el5.src.rpm >> yelp-2.16.0-19.el5.src.rpm > ... > > Later when firefox-3.0.1 was also pushed to sl51, sl50 the set of packages > updated was: > > ... >> SRPMS: >> devhelp-0.12-18.el5.src.rpm >> firefox-3.0.1-1.el5.src.rpm >> xulrunner-1.9.0.1-1.el5.src.rpm >> yelp-2.16.0-20.el5.src.rpm > ... > > So there were no security updates for nss, nspr at that point, and indeed > I still seem to have nss-3.11.99.5-2.el5, nspr-4.7.0.99.2-1.el5 as the > latest versions. > > This may be intended, but I notice that on an sl51 box (updated to firefox > 3.0.1) I don't get the "Extended Validation (EV) SSL" stuff appearing in > the location bar, but I do on a test box running sl52 also using > firefox-3.0.1 > > If I update just the nss* packages to the same version as in sl52 then it > magically works. I don't know if the nspr security update is also > actually expected by firefox-3 or not but a trivial test suggests that it > can be updated to without obvious problems on sl51... > > Could/should the nss/nspr errata be pushed to sl51/sl50? > > [ anyone who dosn't know about the EV stuff should look at (say) > https://www.paypal.com/ and see if the box displays a 'run by' message. ] > > -- Jon -- __________________________________________________ Troy Dawson [log in to unmask] (630)840-6468 Fermilab ComputingDivision/LCSI/CSI DSS Group __________________________________________________