Mozilla is moving forward with our implementation of the consensus plan for
Symantec roots. With the exception of whitelisted subordinate CAs using
the keys listed on the wiki, Symantec certificates are now blocked by
default on Nightly builds of Firefox. The preference
"security.pki.distrust_ca_policy" can be used to override these changes. A
custom error message is also being implemented. These changes are part
of Firefox 60, which is scheduled to be released in May.
There are still a lot of websites using Symantec certificates, but the
number is declining rapidly. Lists of affected sites and regularly updated
metrics are available via bug 1434300.
dev-security-policy mailing list