Mozilla says they will no longer trust root certificates from the UAE firm DarkMatter, ending months of discussion (in Google groups here) trying to stay white-listed in Firefox. They have contributed to exposing APT34 and other threats. Are they evil? The Intercept seems to think so.
On a side note have you wondered about how many CA certificates are included in a Mozilla bundle? If you are building/delivering a software platform then you need to keep your cacert.pem up-to-date!