Comment Re:Wreak havoc on corporate networks, SSL observat (Score 1) 90
The default is:
1. Allow User MITM (pinning not enforced if the trust anchor is a user inserted CA, default)
So CAs inserted by the corporate networks will be allowed, only verified for CAs shipped by Mozilla