My copy of Firefox 26.0 (Win7-64) has the "AddTrust External CA Root" certificate, but not the "PositiveSSL CA 2" one, and so with no valid chain, Firefox thinks the worst.
Now this is where my knowledge runs out, but from what I can tell (and I hope I have this right) the server can send the intermediate certificate out the first time you visit and the browser then stores this for the next time.
Is this right Purrcat? And as above thanks for the updates