I was pointed to this Mozilla Security Advisory:

Certificate verification bypass through the HTTP/2 Alt-Svc header https://www.mozilla.org/en-US/security/advisories/mfsa2015-44/

While it doesn't say if all versions prior to 37.0.1 are affected, it does say that sending a certain server response header disabled warnings of invalid SSL certificates for that domain. Ooops. I'm not sure how relevant HTTP/2 is by now.