Strike them out...
"The certificates were obtained by a competing Certificate Authority (“CA”) attempting to demonstrate a perceived vulnerability in one of our Registration Agent’s (“RA”) systems and procedures."
Well, that's not what happened now, is it?
And, to be fair, it looks like the found one.
Myself, I've removed Comodo from the list of certificates I trust in firefox (well, removed the ability of the Comodo root certificates to certify anything, actual removal is difficult). As I hear about more CAs failing their reesponsibilities I'll remove them too. Secure comms with my bank and credit card are more important to me than the ability to converse securely with any old user of a no-name CA that has security problems.
Actually, it would be better if the bank provided their own CA certificate in an offline manner, and if browsers could provide some sort of locked down mode where I only trust a single CA. Then I would be able to talk to my bank safely.
Have you looked at the list of "trusted" authorities in a modern browser? I don't know who they are and I certainly don't trust them all.