Infoworld: Mozilla plans to more strictly enforce industry best practices for SSL certificates in future versions of Firefox with a new certificate verification system.
The new system will be implemented as a library called “mozilla::pkix” and will start being used by Firefox 31, which is expected to be released in July.
Many of the certificate verification changes in the new library are subtle and are related to technical requirements specified in the “Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates” issued by the Certification Authority/Browser (CAB) Forum. However, some of the behavior modifications also stem from changes Mozilla made to its own policy for trusting CA certificates.