So then they can only fake the traffic in their country what they can do anyway with non SSL traffic. I sounds more like this could be a global attack.
It's 'local', since you somehow need a way to intercept the traffic and there's a limit to the feasibility. Let's say this is 'local' for everyone in Iran.
But going for the certificate Colin suggests broadens the attack quite a lot: Instead of being able to server your own version of GMail/intercepting mail traffic you're now able to inject Javascript into what? 60% of the websites of the net? Basically everyone using Google Analytics now silently serves your code and the browser runs it without warnings.
So local/global is orthogonal to this impersonation 'improvement'. Even if you do this (somehow tricking a CA) yourself in the internet cafe of your choice, you would make the attack so much worse if you don't target a single service anymore and inject your code into as much content as possible.