Although a server sending an empty list is strictly speaking illegal in SSL/TLS some implementations will tolerate it and interpret it as "any CA".
No idea if Mozilla does though...
NSS enforces the SSL/TLS specs and will not tolerate an empty CA cert list from the server.
