this may help clarify why Firefox dragged its feet for so long to enable TLS 1.2 support by default...from the timeline, we could probably make some guesses as to when certain agencies took notice of this attack.
the real question is why it took major site ops this long to realize. given a trove of handshakes (which Google has been saving for years), user-agent headers, and expected ciphersuites, it perhaps should not have been too difficult to detect downgrade attacks in the wild. that doesn't in itself give you POODLE, but it probably offers some clues...especially given other information available to them.
I made the change to remove the version UI from Firefox. I made that change for two reasons:
(1) It sped up the implementation of TLS 1.1 and TLS 1.2. Removing the UI meant I didn't have to redo the UI when I added TLS 1.1 and TLS 1.2 support. Keeping that UI would have caused TLS 1.1 and TLS 1.2 to be delayed even further.
(2) Our measurements showed that ~1% of users had disabled TLS 1.0, leaving only SSL 3.0 enabled. I was worried that the UI encouraged people to make that mistake. Also, it is the application's responsibility to do the right thing automatically. People shouldn't have to fiddle with such options to be secure.
i was not implying that POODLE affected TLS 1.0/1.1 in my (downvoted) parent comment, but was pointing out that the scope of ciphersuites in Firefox has been effectively constrained for a large number of users by defaults and GUI toggles vs. enabled about:config prefs for quite some time now.
i wouldn't dispute that disabling sslv3 gui prefs in Firefox may have had significant positive impacts on many users or that many users are clueless about crypto in general as it seems you're implying, but it's worth considering that those decisions also have implications that may be convenient for other parties, like dramatically increasing the activation energy to configuring a browser for security.
another example is how long it currently takes to configure via GUI distrusting or at least warning users when Firefox relies on CAs that users from a given country may almost never encounter. should your average Firefox user in the United States always silently trust Turkmenistan's CA out of the box?
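An added example, not part of any comment in this thread: one way a site operator could look for downgrades in logged handshakes, as suggested above. It learns the protocol version each User-Agent normally offers and flags sources that mostly offer less. The record layout, client names, addresses and thresholds are constructed assumptions, and it compares offered protocol versions rather than full ciphersuite lists.

```python
from collections import Counter, defaultdict

# Protocol versions ordered weakest to strongest.
RANK = {"SSLv3": 0, "TLSv1.0": 1, "TLSv1.1": 2, "TLSv1.2": 3}

# Constructed sample log: (client_ip, user_agent, version offered in ClientHello).
# A real pipeline would read these fields from stored handshake and HTTP logs.
SAMPLE = (
    [("198.51.100.7", "ExampleBrowser/33", "TLSv1.2")] * 3
    + [("198.51.100.8", "ExampleBrowser/33", "TLSv1.2")] * 2
    + [("198.51.100.8", "ExampleBrowser/33", "SSLv3")]       # one-off fallback
    + [("198.51.100.9", "ExampleBrowser/33", "TLSv1.2")] * 2
    + [("203.0.113.9", "ExampleBrowser/33", "SSLv3")] * 4    # always downgraded
    + [("192.0.2.44", "LegacyClient/6", "SSLv3")] * 3        # genuinely old client
)


def baseline(records):
    """Expected version per User-Agent: the one it offers most often."""
    seen = defaultdict(Counter)
    for _, ua, version in records:
        seen[ua][version] += 1
    return {ua: counts.most_common(1)[0][0] for ua, counts in seen.items()}


def downgraded(records, expected):
    """Handshakes offering a weaker version than the User-Agent's baseline."""
    return [r for r in records if RANK[r[2]] < RANK[expected[r[1]]]]


def suspicious_sources(records, min_events=3, min_ratio=0.5):
    """Client IPs whose handshakes are mostly below baseline.

    A single fallback is normal on a flaky network, so a source is reported
    only when it has at least min_events downgraded handshakes and they make
    up at least min_ratio of its traffic.
    """
    expected = baseline(records)
    total = Counter(ip for ip, _, _ in records)
    low = Counter(ip for ip, _, _ in downgraded(records, expected))
    return sorted(
        ip for ip, n in low.items()
        if n >= min_events and n / total[ip] >= min_ratio
    )


if __name__ == "__main__":
    print(suspicious_sources(SAMPLE))
```

The legacy client is not reported because its own baseline is SSLv3; only a client that normally offers a stronger version and repeatedly offers a weaker one from the same source stands out.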