Basically if a site’s ssl certificate has been revoked by a Certificate Authority (due to fraud, shenanigans, etc…) Firefox will maintain a local list (~300kb) of all revoked certs. This way, if you visit a site with a revoked cert it will appear as untrustworthy

My hope is this stops, or slows, the shortening of certificate lifetimes. Currently the longest cert you can purchase is a 1 year cert, and google and apple are trying to force 90day, and in 2029 47 day lifetime certs. This is a headache for devices that need certs, but where cert renewals cannot be automated