I imagine it will happen like this, if it's indeed true that CNNIC is doing bad things:
- Some user manually removes (or doesn't yet have) the CNNIC certificate
- When visiting a normal site like Gmail, they get a certificate error.
- They look at the certificate, notice it was issued by CNNIC, and complain publically.
- Mozilla removes the certificate for everyone.