NSS Internal PKCS#11 Module out of date in TOR 8.5.5 causing invalid certificate RSS failures
TOR 8.5.5 is based on Mozilla Firefox 60.9.0esr (32-bit) The latest version of NON-TOR (64 bit windows) Firefox is Ver 69.0.3
The PKCS#11 Module included with the TOR version of firefox is now out of date. The version of PKCS legacy/trac#11 (closed) used by the latest version of Firefox is 3.45 The version reported by TOR is 3.36
This newer version of PKCS legacy/trac#11 (closed) includes the many Cert issuers in it's list of trusted authorities that the current Tor version of Firefox DOES NOT.
This leads to users experiencing security errors when trying to access properly configured sites with valid certs under TOR that work properly for them outside the TOR system:
======== Your connection is not secure