Also, you can see the "add an exception" in the screen shot. You can manually add an SSL certificate to a white list, it's just a little bit harder, with a few more steps, than the previous YES|NO dialogue.
I think this a good thing. 99% of user probably don't need to or shouldn't interact with pages with self-signed certificates. That's a good thing. Self-signed certs should really only be on development pages. I'm sure this is a good anti-phishing measure.
In this case I disagree. The web is not all corporate, and there is a confusion between encryption and authentication.
A certificate, signed or no, is a means to establish a secure connection between Alice & Bob. This ensures no one is snooping or modifying the data passing between them. this is a good thing that should be encouraged in an age when your ISP injects ads and the government keeps tabs on what sites you visit.
A signed certificate is a means of authenticating the identity of the presenter of that certificate, to give some reassurance and trust about the other party.
These two things can and should be kept separate. What Mozilla is doing is making it much more difficult to have a secure-by-default Web.
Imagine if your mail program suddenly stopped receiving email unless each sender either paid 100 bucks per year to VeriSign, or faxed a copy of their passport to Microsoft, or you went through a scary, four-step process to "enable" them.
A self-signed certificate does not establish a secure connection between Alice and Bob, because Alice can't verify the certificate. Bob can send his certificate, Mallory can trivially intercept it and replace it with her own, and nobody will be the wiser.
Let's not encourage people to adopt security mechanisms that provide no real security. Let's make the security mechanisms we have today, which are strong enough to stop many governments and all of the largest corporations, cost-effective and easier to deploy. Let's solve the right problems, instead of trying to make ourselves feel better by sugarcoating browser warning messages.
I think this a good thing. 99% of user probably don't need to or shouldn't interact with pages with self-signed certificates. That's a good thing. Self-signed certs should really only be on development pages. I'm sure this is a good anti-phishing measure.