While listening to the Security Now podcast, I have listened first with amusement then with horror to Steve reading email from Mozilla about the security problems with WoSign CA.

Their list of woes is long, read the linked email for details, but one thing turned up during the email which I was not aware of: StartCom (owner of the StartSSL certificate authority) was apparently recently bought by WoSign CA! Apparently one of the security bugs StartSSL has (had?) was that with properly modified POST request (yes, I guess you can do it in the Developer Tools of your Firefox) you can get certificate linked to the root ceritificate “CA

https://matej.ceplovi.cz/blog/startssl-customers-it-is-time-to-leave-now.html