Mozilla will "protect users from this attack"...
... by stripping everyone else who has given money to DigiNotar of the usability of their certificates, breaking their websites and exposing their users to fear, uncertainty, doubt, and whatever MITM attacks are now so much easier without encryption.
Contrast this with the Comodo root cert, where *two* resellers were compromised and Comodo actually pointed fingers at them instead of themselves as the culprits. Comodo used no intermediary to sign off on the various RAs' signing requests, so you can't just distrust those RAs, and as such all of Comodo is compromised; but simply stamping out a couple of specific certificates by hardcoding their fingerprints in various programs was deemed sufficient. *Their* root certificate is still there.
DigiNotar quickly did what they should do and revoked the certificate (though of course revoking doesn't actually work all that well; wonderful design we have here, dear Mozilla), but apparently they aren't "too big to fail", so they don't rate Comodo's approach.
On a similar note, Honest Ahmed's Used Cars And Certificates root cert still hasn't been approved for inclusion, despite them actually being honest about their business model.
So, Mozilla, what are the criteria for taking which action, please? I think all users and CAs deserve to know what yardstick(s) apply to your certificate store handling.