Here's a thread from mozilla.dev.security.policy where the CA responds to this and two other(!) misissuance incidents they failed to report (someone's even claiming a third incident at the end):
https://groups.google.com/forum/#!topic/mozilla.dev.security...