Some background of the story:<p>CNNIC is a root CA from China. It issued a false certificate[0] and got revoked by both Google[1] and Mozilla[2].<p>CNNIC is also believed to behind some MITM attack against iCloud[3]. Pulling CNNIC from Firefox was once discussed five years ago on Mozilla's bugzilla[4, 5, 6].<p>0. <a href="https://cpj.org/blog/2015/03/chinas-cnnic-breaches-sacred-crypto-trust-endanger.php" rel="nofollow">https://cpj.org/blog/2015/03/chinas-cnnic-breaches-sacred-cr...</a>
1. <a href="http://googleonlinesecurity.blogspot.com/2015/03/maintaining-digital-certificate-security.html?m=1" rel="nofollow">http://googleonlinesecurity.blogspot.com/2015/03/maintaining...</a>
2. <a href="http://www.theregister.co.uk/2015/04/02/mozilla_revokes_cnnic_cert_trust/" rel="nofollow">http://www.theregister.co.uk/2015/04/02/mozilla_revokes_cnni...</a>
3. <a href="https://en.greatfire.org/blog/2014/oct/china-collecting-apple-icloud-data-attack-coincides-launch-new-iphone" rel="nofollow">https://en.greatfire.org/blog/2014/oct/china-collecting-appl...</a>
4. <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=542689" rel="nofollow">https://bugzilla.mozilla.org/show_bug.cgi?id=542689</a>
5. <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=476766" rel="nofollow">https://bugzilla.mozilla.org/show_bug.cgi?id=476766</a>
6. <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=607208" rel="nofollow">https://bugzilla.mozilla.org/show_bug.cgi?id=607208</a>