[UnoriginalGuy]

While the NSS suite is fairly standard, I downloaded both pre-built Windows binaries from here:

ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_12_4_RTM/msvc9/

However the SHA256 hashes do not match those of the provided Lenovo binaries. The Lenovo binaries are also bigger than either build provided by Mozilla.

However this does NOT mean there is something wrong, Lenovo may have just compiled them using a different compiler/compiler options/library versions. It is actually common for two people compiling the same source to get different binaries (see, for example, the TrueCrypt issue where TrueCrypt's pre-built binaries were hard to reproduce because the library versions were so specific).

Lenovo may also have supplied the wrong Readme file (that's where I get the version number from).

If you're paranoid, delete them from the Lenovo package, and download them from Mozilla.