Crash occurrs in both Thunderbird 9 and 10 (beta), both Mozilla and Fedora builds. I used Fedora excutables for tracing (easier with systemwide installed debuginfo). Using NSS 3.13.1 and environment variable NSS_ENABLE_PKIX_VERIFY="1" In Thunderbird, I click on an S/MIME signed email from cfu@rh For quite a while, everything seems fine, but in the background we have a job that attempts to verify the S/MIME signature. Eventually it crashes. I have a core file with a stack of more than 46,000 (!) levels. (Eventually it crashes elsewhere, but that clearly is a stack overflow.) I'm attaching a file with portions of the stack, and information about the involved certificates.

FWIW, when running Thunderbird and NOT using PKIX_VERIFY, there is no crash. The S/MIME signature is shown as invalid. The cert hierarchy stops at level 20 (I assume the loop detection is active in this non-libpkix scenario).