Yes you can. Obviously, you can choose not to make secure connections with sites certified by a CA you don't trust. But then you just can't use your bank's website anymore, or your search engine, or whatever.

Users have a clear stake in whatever informational exchange occurs between them and the websites we access. We should have the authority to participate in determining the terms on which that exchange is secured.

I'm curious as to whether Firefox's sync functionality propagates CA overrides across machines. If not then this is something you'd have to repeat over for every machine you use, making it effectively too tedious to be practical.

It doesn't yet, unfortunately. There's a related feature request for syncing user added certificates:

https://bugzilla.mozilla.org/show_bug.cgi?id=583935

But syncing which certificates to delete is probably a much harder sell.

At least there's a way to do programmatically:

    apt-get install libnss3-tools
    certutil -d /home/$USER/.mozilla/firefox/$FIREFOX_PROFILE -D -n $TARGET_CA_NAME