You shouldn't need to add exceptions for such common sites. If that happens then you should check the certificates and make sure that they are from the websites that you connect to.

Note that some firewalls and proxies may send their own certificates instead of passing the one from the website that you visit.

Remove all rules for Firefox from the permissions list in the firewall and let your firewall ask again for permission to get full unrestricted access to internet for Firefox. See Server Not Found - Troubleshoot connection problems and Configure firewalls so that Firefox can access the Internet and http://kb.mozillazine.org/Firewalls

@cor-el: This doesn't always help. Example: My employer uses OpenDNS. When I go to Comcast.com, which pulls data from multiple domains, OpenDNS intercepts the DNS queries and blocks some of the content based on the filtering criteria on the OpenDNS settings for our network. To allow the rest of the content through, it passes its own certificate which Firefox doesn't like because the certificate is for opendns.com but the domain it's trying to load web pages from is comcast.com.

This doesn't pose a problem in Linux because in this exact situation, I have the option to accept the certificate and make a permanent exception. The same is true in Mac OS X.

If there is something in about:config to resolve this, I yet to find it.

Doesn't OpenDNS have a way to download its root certificate or an intermediate certificate that Firefox recognizes?

If the certificate send by Op[enDNS changes all the time then that doesn't look like trustworthy to me. Also if you would connect securely there are two connections, one from you to OpenDNS and a second from OpenDNS to the other server then all data that you pass via that connection can be inspected on the OpenDNS server.

If you can't make an exception then make sure that you do not run Firefox in (permanent) Private Browsing - Use Firefox without saving history mode.