There are at least a couple of addons and services with ideas about how to surface info to users when they could be under MitM attack. A few of these were mentioned in http://www.netresec.com/?page=Blog&month=2011-03&post=Network-Forensic-Analysis-of-SSL-MITM-Attacks

"...There are several ways users can detect MITM attacks, even when the certificate seems to be signed by a trusted CA. There are, for example, Firefox plugins available from Certificate Patrol as well as Perspectives that can help users by alerting on “new” certificates that have not been seen before."

We should consider adding ways to surface this info for situations like

[Bug 642395] Deal with bogus certs issued by Comodo partner
[Bug 643056] Revocation isn't enough
Recommend Removing RSA Security 1024 V3 root certificate authority Options -- http://groups.google.com/group/mozilla.dev.security.policy/browse_thread/thread/b6493a285ba79998/26fca75f9aeff1dc

and other cases where certificates have been compromised or are suspect.
More on some usability improvements and ideas on Trust on First Use and Persistence of Pseudonym (TOFU/POP) in some slides by Chris Palmer (noncombatant.org). Ideas developed with Seth Schoen and Peter Eckersley (eff.org).
https://docs.google.com/present/view?id=df9sn445_206ff3kn9gs&pli=1
bug 645819 Write an extension which auto-imports CRLs when it finds them
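
The "alert on certificates that have not been seen before" idea quoted in the description, together with trust on first use, sketched as an added example; this is not code from Certificate Patrol, Perspectives, Firefox or anyone in this bug. The class and function names, the 30-day renewal window and the renewal-versus-alert policy are assumptions made for illustration, and the byte strings are constructed stand-ins for DER data.

```python
import hashlib
from dataclasses import dataclass

RENEWAL_WINDOW = 30 * 86400  # assumption: a change this close to expiry looks like a renewal

def fingerprint(blob: bytes) -> str:
    return hashlib.sha256(blob).hexdigest()

@dataclass(frozen=True)
class Seen:
    cert_fp: str    # SHA-256 of the whole certificate
    key_fp: str     # SHA-256 of the public key (SPKI)
    issuer: str
    not_after: int  # expiry, epoch seconds

class CertMemory:
    """Remembers the last accepted certificate per host (trust on first use)."""
    def __init__(self):
        self._hosts = {}

    def check(self, host, cert_der, spki_der, issuer, not_after, now):
        new = Seen(fingerprint(cert_der), fingerprint(spki_der), issuer, not_after)
        old = self._hosts.get(host)
        if old is None:
            self._hosts[host] = new          # nothing to compare against yet
            return ("first-use", [])
        if old.cert_fp == new.cert_fp:
            return ("match", [])
        reasons = []
        if old.issuer != new.issuer:
            reasons.append("issuer changed")
        if old.key_fp != new.key_fp:
            reasons.append("public key changed")
        near_expiry = old.not_after - now <= RENEWAL_WINDOW
        if not near_expiry:
            reasons.append("previous certificate was not near expiry")
        if old.issuer == new.issuer and near_expiry:
            self._hosts[host] = new          # plausible renewal: remember the new cert
            return ("renewed", reasons)
        return ("alert", reasons)            # keep the old entry until the user decides

def demo():
    mem, day = CertMemory(), 86400
    now = 1000 * day                         # constructed clock value
    host = "example.test"
    return [
        mem.check(host, b"cert-A", b"key-A", "CA One", now + 20 * day, now),
        mem.check(host, b"cert-A", b"key-A", "CA One", now + 20 * day, now),
        mem.check(host, b"cert-B", b"key-B", "CA One", now + 385 * day, now),
        mem.check(host, b"cert-C", b"key-C", "CA Two", now + 300 * day, now),
    ]
```

The last call in `demo()` is the case the bug cares about: a chain that may validate against a trusted CA, but from a different issuer and with a different key while the remembered certificate still had over a year left.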