I'm using testing (Buster), I've had Firefox pinned for some time because of this bug, and today I found it was for no good reason -- libnss3 is at 2:3.36.1-1, and Firefox has no problem accessing websites using HTTPS.
As the OP said, there seems to have been a problem only with a specific version of libnss3. The dependency in firefox-esr is not set to this specific version, so the package does work with newer (and some older) versions of libnss3; the only thing the firefox-esr maintainers could possibly do is add a (!= 2:3.33-1) to the dependencies, and since 2:3.33-1 is not the current version on any of the Debian releases and architectures (and seems like never will be), it seems like holding a bug against firefox-esr, with severity "grave", is a bit of an overkill.

Thanks,
Shai.