On two different ALARM systems (both armv7h), my upgrade today to ca-certificates-mozilla-3.28.1-1 seems to have led to problems with Firefox accepting the certificate from google.com. The aforementioned package became available yesterday (Jan 28 UTC), and the currently available Firefox package is 50.1.0-1 (Dec 14 UTC).
Mainline Arch has Firefox 51.0.1-1 from just a couple days ago. Could the new ca-certificates-mozilla package be causing the problem with the older Firefox? To test that, I've downgraded the certificates to 3.27.2-1, then further down to 3.27.1-1. Oddly, the problem persisted. I tested what's effectively this scenario on one of the ALARM systems prior to its upgrade to 3.28.1-1, and there was no problem.
Finally, a mainline Arch x86_64 system that is currently fully upgraded has no issues with google.com.
Is anyone else seeing this?