Too bad you don't remember which exit node it was; it would help. Yeah, it could be a compromised exit node trying to perform a MITM attack. It would be interesting to see that certificate. Anyway, there are two things that you can do to avoid this in the future.
First, install the Certificate Patrol add-on for Firefox: https://addons.mozilla.org/en-US/fir...ficate-patrol/
It stores the certificates from every site you visit and checks to see if they change before the expiration date. You will get a lot of notifications about cert changes, but it's almost always benign. I suggest you install that in every Firefox profile you use, as it's a very helpful add-on in general.
To protect against exit nodes like that, you can select the set of bad nodes you want depending on how paranoid you are, create an ExcludeNodes text block with their fingerprints, and edit your torrc file to avoid using them as exit nodes permanently.
Be aware that ExcludeNodes and ExcludeExitNodes are different options in the torrc file. ExcludeNodes will completely avoid using them in any part of the chain, be it entry node, middle or exit. ExcludeExitNodes just excludes them from being used as exit nodes. Your choice.
If you find a strange node again you can report it to InspecTor to make the Tor network a little bit better. Hope this helps.
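
One way to build the exclusion line described in the post above, as an added example that is not part of the original post. The helper names are hypothetical and the fingerprints are constructed placeholders, not real relays; the script only prints a line for you to paste into torrc.

```python
import re

# A relay identity fingerprint is 40 hex characters.
_FPR = re.compile(r"[0-9A-F]{40}")


def normalize_fingerprint(raw):
    """Return '$' + 40 uppercase hex chars, or raise ValueError.

    Accepts the forms fingerprints are usually copied in: with or
    without a leading '$', lower case, or in space-separated groups.
    """
    cleaned = raw.strip().lstrip("$").replace(" ", "").upper()
    if not _FPR.fullmatch(cleaned):
        raise ValueError(f"not a relay fingerprint: {raw!r}")
    return "$" + cleaned


def build_exclude_line(fingerprints, exit_only=True):
    """Build one torrc line from a list of fingerprints.

    exit_only=True  -> ExcludeExitNodes (never used as the exit hop)
    exit_only=False -> ExcludeNodes     (never used at any hop)
    """
    option = "ExcludeExitNodes" if exit_only else "ExcludeNodes"
    unique = []
    for raw in fingerprints:
        fpr = normalize_fingerprint(raw)
        if fpr not in unique:  # drop duplicates, keep input order
            unique.append(fpr)
    if not unique:
        raise ValueError("no fingerprints given")
    return f"{option} {','.join(unique)}"


# Constructed placeholder fingerprints (not real relays).
SAMPLE = [
    "AAAA AAAA AAAA AAAA AAAA AAAA AAAA AAAA AAAA AAAA",  # spaced form
    "$" + "b" * 40,                                       # '$' prefix, lower case
    "A" * 40,                                             # duplicate of the first
]

if __name__ == "__main__":
    print(build_exclude_line(SAMPLE))                   # exit position only
    print(build_exclude_line(SAMPLE, exit_only=False))  # every position
```

A malformed entry raises an error instead of being written out, so a typo in a fingerprint cannot end up in torrc unnoticed.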