When a serious security concern is noticed, such as a major root compromise, it should be treated as a security-sensitive bug, and the [http://www.mozilla.org/projects/security/security-bugs-policy.html Mozilla Policy for Handling Security Bugs] should be followed.
To report a concern about certificates being issued by a CA in Mozilla's Program:
* https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificate%20Mis-Issuance
Open CA Mis-Issuance bugs: https://wiki.mozilla.org/CA/Incident_Dashboard
== Add a Trust Bit ==