An attacker can force Firefox to accept old, signed remote newtab pages. This is probably not a problem as long as those pages are safe. But in the case that a "malicious"/bad newtab page got signed, we have to revoke the certificate. If we want to have a more general solution to this, we would probably have to do something similar to bug 1280877.
Whiteboard: [domsecurity-backlog] → [domsecurity-backlog3]