Recently I noticed that FF doesn't even let you accept invalid (meaning no longer recognized as valid by FF because they changed the rules to requrie SAN) certificates for HSTS-enabled sites. The bug report's response was that the HSTS standard specifies that. Fuck that, the users should always be the one in control of such decisions in the end.