If you don't trust a particular CA whose root certificate is included by default in Mozilla products, then there are two ways to disable the certificate.
# [[CAPSM:UserCertDBChanging_Trust_Settings#Changing_Root_Certificate_Trust_Bit_Settings Changing_Root_Certificate_Trust_Settings | Turn off the trust bits for that root certificate.]]# [[CAPSM:UserCertDBChanging_Trust_Settings#Deleting_a_Root_Certificate | Delete the root certificate.]]
#* Deleting a root certificate that is in the default root store is equivalent to turning off all of the trust bits for that root. Therefore, even though the root certificate will re-appear in the Certificate Manager, it will be treated as though you changed the trust bits of that root certificate to turn them all off.