Seems that Firefox Beta 120 is changing the default behavior for certificate trust from its own repo to the OS repo. This is stated in the release notes:https://www.mozilla.org/en-US/firefox/120.0beta/releasenotes/and here is the relevant bugzilla link: https://bugzilla.mozilla.org/show_bug.cgi?id=1858531
so anyone relying in the existing Firefox behavior needs to opt-out of this new behavior