Sometimes it is a good security practice to remove unneeded ca certiticates from the base system and applications such as firefox and thunderbird.
For starters you can verify for presence of FooVadis certs this way on Rocky Linux 9.2 :
$ trust list --filter=ca-anchors | grep FooVadis -i -A 2 -B 3
Then update source ca-bundle file with text editor as root:
$ sudo nvim /usr/share/pki/ca-trust-source/ca-bundle.trust.p11-kit
Dont forget running update-ca-trust at this point…
$ sudo update-ca-trust
To verify your changes, just run trust list again :
$ trust list --filter=ca-anchors | grep ...