Trustwave issued a subordinate root certificate to a company, therefore enabling the company to issue unlimited SSL certificates for any domain/hostname:
http://blog.spiderlabs.com/2012/02/clarifying-the-trustwave-ca-policy-update.html
This violates the Mozilla CA Certificate Policy.
Reference:
https://bugzilla.mozilla.org/show_bug.cgi?id=724929
https://bugzilla.mozilla.org/show_bug.cgi?id=728617
NSS 3.13.3 contains the patch to actively distrust the MITM subCAs issued by TrustWave.
This issue has been addressed in the following products: Red Hat Enterprise Linux 6
Via RHSA-2012:0973 https://rhn.redhat.com/errata/RHSA-2012-0973.html
This issue does not affect the version of nss as shipped with Fedora 16 and 17, since it's already updated to 3.13.4.
This issue has been addressed in the following products: Red Hat Enterprise Linux 5
Via RHSA-2012:1090 https://rhn.redhat.com/errata/RHSA-2012-1090.html
Statement: (none)