Forging an SSL cert only enables the possibility of a man-in-the-middle attack from being transparently obvious when it's no longer signed properly. However, you still have to accept the change in certificate for the forged-SSL MIM attack to work. Did you log in to MtGox from strange internet connections in shady places? Or did MtGox get their DNS forged as well?
No, a forged cert from DigiNotar would allow one to transparently execute a MiTM attack against an end-user, without her seeing any security warning whatsoever. Except in 1 scenario, see below...
Is there actually a browser that will remember a certificate and complain if that cert is replaced with a different valid CA-signed cert?
...only 1 browser would warn you: Chrome, because Google hard-coded hashes of the public keys for a small number of high-profile websites' certificate keys. This is called public key pinning.
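The check described in the last reply, as an added example (not part of the thread and not Chrome's code): a client that accepts any CA-trusted chain for ordinary hosts but, for a pinned host, also requires a key in the chain to match a hard-coded hash. The hostnames, the runtime-generated keys, the `caTrusted` flag standing in for normal chain validation, and the choice of base64 SHA-256 over the SubjectPublicKeyInfo are all assumptions.

```javascript
const crypto = require('node:crypto');

// Generate a throwaway EC key and return its SubjectPublicKeyInfo (SPKI) in DER,
// the same public-key structure that is embedded in an X.509 certificate.
function newSpki() {
  const { publicKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  return publicKey.export({ type: 'spki', format: 'der' });
}

// A pin is a hash of the public key, not of the whole certificate, so it
// does not depend on which CA signed the certificate.
function spkiPin(spkiDer) {
  return crypto.createHash('sha256').update(spkiDer).digest('base64');
}

// Constructed sample keys (assumptions for illustration).
const siteKey = newSpki();  // key of the genuine site
const rogueKey = newSpki(); // key inside a certificate mis-issued by another trusted CA

// Hard-coded pin list shipped with the client: only a few hosts are covered.
const PINS = new Map([['pinned.example', new Set([spkiPin(siteKey)])]]);

// conn.caTrusted: result of ordinary CA chain validation (modelled as a flag here).
// conn.chainSpkis: SPKI of every certificate in the presented chain.
function evaluate(host, conn) {
  if (!conn.caTrusted) return 'reject: untrusted chain';
  const pins = PINS.get(host);
  if (!pins) return 'accept: CA validation only'; // unpinned host: no extra check
  const hit = conn.chainSpkis.some((spki) => pins.has(spkiPin(spki)));
  return hit ? 'accept: pin matched' : 'reject: pin mismatch';
}

// Both chains pass CA validation; only the pin check tells them apart.
console.log(evaluate('pinned.example', { caTrusted: true, chainSpkis: [siteKey] }));
console.log(evaluate('pinned.example', { caTrusted: true, chainSpkis: [rogueKey] }));
console.log(evaluate('unpinned.example', { caTrusted: true, chainSpkis: [rogueKey] }));
```

The third call shows the limit noted in the reply: a host that is not in the hard-coded list gets no protection beyond CA validation.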