mozilla-central contains copies of external software modules that it depends on.
The following list of directories (incomplete) contain them. Those directories shall be considered read-only, changes shall be delivered to the upstream software projects. Eventually we'd like to have ACLs, but as of today there is no protection for accidental commits to those directories. Such changes will get overwritten without warning on importing the next updated version.
Special procedures must be used to update these to newer snapshots of the upstream software projects. The procedure for NSPR and NSS is documented here.