From what I can tell, they didn't actually remove the hideously stupid tempdir-walking rng-seeding code in NSS -- they just fixed it so it's not called on XP (at least most of the time), as they think XP's RNG is good enough for them.
They were planning to still use it intentionally on Win2k and WinCE.
Most of the stupid shit that Mozilla does has a freetard angle of some sort, and it's possible to understand their motivations. This is just plain baffling. WTF Mozilla?
How do you suggest they gather good entropy on Win2k and WinCE, then? If you actually do have a better idea, I'd be willing to try my own hand at turning it into a patch, so let's hear it :)
A) Stop being such affected crypto-wankers, and realize that they don't need more entropy than the TCP stack.
B) Given that (A) is basically untenable for them, find entropy by looking at the user's Mozilla profile.
It's bizarre that they're looking in IE's messy cache directory when they have their own tidy one that they fully control! There's all kinds of lovely compact entropy to be found there, especially with the SQLite databases that it keeps.
Long story short: some of the Windows versions that libnss runs on are unable to provide as much entropy as libnss's PRNG wants to be seeded with, without resorting to gathering it from places like the tempfiles directory.
MFSA 2009-41 Corrupt JIT state after deep return from native function
http://www.mozilla.org/security/announce/2009/mfsa2009-41.ht...