diff --git a/mozilla-nss.changes b/mozilla-nss.changes
index 7ac0e94..2a55701 100644
--- a/mozilla-nss.changes
+++ b/mozilla-nss.changes
@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Fri May 24 08:12:08 UTC 2024 - Martin Sirringhaus
+
+- Adding nss-fips-bsc1223724.patch to fix startup crash of Firefox
+ when using FIPS-mode (bsc#1223724).
+- Added "Provides: nss" so other RPMs that require 'nss' can
+ be installed (jira PED-6358).
+
 -------------------------------------------------------------------
 Wed May 8 06:06:52 UTC 2024 - Martin Sirringhaus
diff --git a/mozilla-nss.spec b/mozilla-nss.spec
index 6fe7745..a657498 100644
--- a/mozilla-nss.spec
+++ b/mozilla-nss.spec
@@ -80,6 +80,7 @@ Patch46: nss-allow-slow-tests.patch
 Patch47: nss-fips-pct-pubkeys.patch
 Patch48: nss-fips-test.patch
 Patch49: nss-allow-slow-tests-s390x.patch
+Patch50: nss-fips-bsc1223724.patch
 %if 0%{?sle_version} >= 120000 && 0%{?sle_version} < 150000
 # aarch64 + gcc4.8 fails to build on SLE-12 due to undefined references
 BuildRequires: gcc9-c++
@@ -107,6 +108,7 @@ Requires: libnssckbi.so()(64bit)
 %else
 Requires: libnssckbi.so
 %endif
+Provides: nss = %{version}
 %ifnarch %sparc
 %if ! 0%{?qemu_user_space_build}
 %define run_testsuite 1
@@ -242,6 +244,7 @@ cd nss
 # slow test on s390x, permit more time
 %patch -P 49 -p1
 %endif
+%patch -P 50 -p1
 # additional CA certificates
 #cd security/nss/lib/ckfw/builtins
diff --git a/nss-fips-bsc1223724.patch b/nss-fips-bsc1223724.patch
new file mode 100644
index 0000000..df58c57
--- /dev/null
+++ b/nss-fips-bsc1223724.patch
@@ -0,0 +1,19 @@
+Index: nss/lib/pk11wrap/pk11skey.c
+===================================================================
+--- nss.orig/lib/pk11wrap/pk11skey.c
++++ nss/lib/pk11wrap/pk11skey.c
+@@ -520,6 +520,14 @@ PK11_ImportDataKey(PK11SlotInfo *slot, C
+ CK_OBJECT_HANDLE handle;
+ PK11GenericObject *genObject;
+
++ // Using HTTP3, Firefox runs via neqo that doesn't log in before calling into
++ // this function. So we try to log in here (and ignore failures) in case of FIPS.
++ // Also, no need to also load certificates, we only create a new object and we
++ // have to be logged in for that.
++ if (PK11_IsFIPS()) {
++ PK11_Authenticate(slot, PR_FALSE, wincx);
++ }
++
+ genObject = PK11_CreateGenericObject(slot, template, PR_ARRAY_SIZE(template), PR_FALSE);
+ if (genObject == NULL) {
+ return NULL;
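Review bot: The `SECStatus` returned by `PK11_Authenticate(slot, PR_FALSE, wincx)` is discarded inside the `PK11_IsFIPS()` branch, so a failed FIPS login looks the same as a later object-creation failure: the caller gets NULL from the `genObject == NULL` path with whatever error code `PK11_CreateGenericObject` set. If best-effort is intended, make it explicit with `(void)PK11_Authenticate(slot, PR_FALSE, wincx);`; otherwise fail early and keep the authentication error, e.g. `if (PK11_IsFIPS() && PK11_Authenticate(slot, PR_FALSE, wincx) != SECSuccess) { return NULL; }`. The comment should also say whether this call can reach the password callback through `wincx`, since that would mean a key-import helper can now prompt or block in FIPS mode; I cannot tell from the hunk. The body of `PK11_ImportDataKey` starts and ends outside the hunk.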