Seems that Firefox Beta 120 is changing the default behavior for certificate trust from its own repo to the OS repo. This is stated in the release notes:https://www.mozilla.org/en-US/firefox/120.0beta/releasenotes/<p>and here is the relevant bugzilla link: https://bugzilla.mozilla.org/show_bug.cgi?id=1858531<p>so anyone relying in the existing Firefox behavior needs to opt-out of this new behavior
<a href="https://support.mozilla.org/ko/kb/how-disable-enterprise-roots-preference" rel="nofollow noreferrer">https://support.mozilla.org/ko/kb/how-disable-enterprise-roo...</a><p>Apparently this was done to please annoying AV softwares [1].<p>[1] <a href="https://static.googleusercontent.com/media/research.google.com/en//pubs/archive/46359.pdf" rel="nofollow noreferrer">https://static.googleusercontent.com/media/research.google.c...</a>
This isn't the right summary. Firefox uses it own root store still and ignores any certificates distributed by default in the OS. However, if the user installs their root to the OS, Firefox will also pick it up. This is how other browsers work.