Comment Re:fake certificates, or sold certificates? (Score 1) 194
A correction.. IE uses the Windows certificate store. It doesn't hold its own set of certs. I know Firefox used to have its own set of certs. I'm not sure if that's still true. I'm pretty sure Chrome also uses the Windows certificate store. In most cases, using the Windows cert store is the right thing to do. I can understand why Mozilla would want to manage some of this themselves. If they need to roll their own cert store for their cross-platform support, it might just be easier to do that than keep up with all the differences between platforms.
But the main idea is that if you trust the Windows cert store, when things like this happen, the cert will be invalidated for everything, not just IE, or Safari, or whatever. Companies can also then add their own certs, reject some, etc. in a central database. It's annoying for an IT dept when individual apps do their own thing and don't respect the platform's settings.