set security.cert_pinning.enforcement_level to 2 ("Strict. Pinning is always enforced")
see: https://wiki.mozilla.org/SecurityEngineering/Public_Key_Pinning
Please set security.cert_pinning.enforcement_level to 2 ("Strict. Pinning is always enforced").
This will become more relevant as Tor moves to a more recent version of Firefox (31 only has minimal built-in pinning support, and 35 introduces HPKP), but without setting the level to 2, users who are phished with an external root CA (admittedly a bad situation, but not uncommon) will lose all pinning protection against that root CA (see https://bugzilla.mozilla.org/show_bug.cgi?id=1168603 for more details about this risk and circumstances where it might legitimately arise).
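An added example, not part of the original ticket or of any Tor or Mozilla code: a Python check that takes the text of a profile's prefs.js and user.js and reports whether the effective enforcement level is 2. The function names and sample pref lines are constructed for illustration; the level meanings and the default of 1 are taken from the Mozilla wiki page linked above.

```python
import re

PREF = "security.cert_pinning.enforcement_level"
# Level meanings as listed on the Mozilla Public_Key_Pinning wiki page.
LEVELS = {
    0: "pinning disabled",
    1: "allow user MITM (not enforced for user-added trust anchors)",
    2: "strict (pinning is always enforced)",
    3: "enforce test mode",
}
DEFAULT_LEVEL = 1  # assumed Firefox default when the pref is not set

# Matches an active user_pref()/pref() line with an integer value.
# Lines commented out with // do not match because of the ^\s* anchor.
_LINE = re.compile(r'^\s*(?:user_pref|pref)\(\s*"([^"]+)"\s*,\s*(-?\d+)\s*\)\s*;')

def read_level(text):
    """Return the last value set for PREF in one prefs file, or None."""
    level = None
    for line in text.splitlines():
        m = _LINE.match(line)
        if m and m.group(1) == PREF:
            level = int(m.group(2))
    return level

def effective_level(prefs_js="", user_js=""):
    """user.js is applied over prefs.js at startup, so it wins if both set it."""
    for text in (user_js, prefs_js):
        level = read_level(text)
        if level is not None:
            return level
    return DEFAULT_LEVEL

def audit(prefs_js="", user_js=""):
    """Summarise the effective level and whether it is the strict setting."""
    level = effective_level(prefs_js, user_js)
    return {"level": level, "meaning": LEVELS.get(level, "unknown"), "strict": level == 2}

# Constructed sample file contents, not taken from a real profile.
SAMPLE_PREFS_JS = '''user_pref("browser.startup.page", 0);
user_pref("security.cert_pinning.enforcement_level", 1);
'''
SAMPLE_USER_JS = 'user_pref("security.cert_pinning.enforcement_level", 2);\n'

if __name__ == "__main__":
    print(audit(SAMPLE_PREFS_JS))                  # prefs.js alone: not strict
    print(audit(SAMPLE_PREFS_JS, SAMPLE_USER_JS))  # user.js override: strict
```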