The root certificate is also part of the mozilla.rsa. Addons have it included, it can be extracted and then imported into the browser Certificates > Authorities and it will be used to validate addons, including those which are not updated.
This only makes sense if you really need to fix it while the browser is running, otherwise you can simply restart it after the new certificate is imported.
A sample procedure doing exactly this, and a fix for Firefox <= 56.0.2 can be found here: https://www.velvetbug.com/benb/icfix/
The same procedure can be used on newer versions, but the syntax is a bit different (import cert, go to about:addons, open console):
This only makes sense if you really need to fix it while the browser is running, otherwise you can simply restart it after the new certificate is imported.