See: *https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/ *https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/maintenance/ You can only disable built-in root certificates by removing their trust bits (click the Edit button) to make it impossible to use them as root certificate. ---- You may want to disable SSL3 for now until this vulnerability is addressed if you are concerned. RSA Signature Forgery in NSS: *https://blog.mozilla.org/security/2014/09/24/rsa-signature-forgery-in-nss/ *https://www.mozilla.org/security/announce/2014/mfsa2014-73.html You can set the security.tls.version.min to 1 on the <b>about:config</b> page to disable SSL3 and only have TLS 1.0 and later enabled. You may need to close and restart Firefox after changing these prefs. * security.tls.version.min = 1 * http://kb.mozillazine.org/security.tls.version.* 0 means SSL 3.0, 1 means TLS 1.0, 2 means TLS 1.1, 3 means TLS 1.2 etc. Note that you may have to reset the pref and re-enable SSL3 in case you experience issues with accessing websites via a secure connection.