- Mozilla / NSPR / NSS versions: https://wiki.mozilla.org/NSS:Versions
- Download a Specific Firefox Release: ftp://ftp.mozilla.org/pub/firefox/releases/
- Release schedules: https://wiki.mozilla.org/Releases
- Release Calendar: https://wiki.mozilla.org/RapidRelease/Calendar
- Release branches: http://hg.mozilla.org/releases/
- You can look at the release source code to see which version of NSS is included in a version of Firefox. For example, at http://hg.mozilla.org/releases/mozilla-release (choose the right tag from the bottom, e.g. FIREFOX_5_0_RELEASE, then click on files and navigate to security/nss, click on the file link next to TAG-INFO there.
- History/Dates of NSS Branches: https://wiki.mozilla.org/NSS:Tags
- Spreadsheet of all included root certificates
Root Cert Inclusions into Mozilla Product Releases
In the following table, only those bugs involving root certificates are listed. A bold bug number is a "master" bug for the NSS version with following non-bold bug numbers pointing to bug reports for individual root certificates or groups of certificates and depending on that master bug. For a given NSS version, bug numbers after a blank line are not related to the group above that line.
Thunderbird is built from two repos, the same "mozilla-central" that Firefox ESR is built from, and "comm-central" for the Thunderbird-specific code. So, Thunderbird will have the same root store as ESR. ESR only picks up a new version of NSS (with the updates to the root store) when a new version (xx.0) is created. So, Thunderbird 45.0 and all of its dot releases will have the same root store as Firefox 45 / ESR 45 (NSS 3.21), unless there is a security incident.
SeaMonkey is also built out of comm-central and pulls mozilla-central as a starting point. Very much like Thunderbird except SeaMonkey uses the mozilla-release branch rather than the ESR branch. The SeaMonkey release should have the same NSS code and root certs as the corresponding Firefox release. SeaMonkey often ships a week after Firefox.