Hi, I'm currently preparing fixes for nss and wonder if the security team already has a plan forward for CVE-2015-4000? Using the upstream patch would change defaults in a stable release. I think I'd be good to do the same for all currently supported releases.
Cheers -- Guido