Yes, and there's no reason for browsers to accept more than one domain name in a CN field. However, a quick look through RFC 3280 and an ASN.1 reference makes me think it is a less than trivial task to figure out what would and would not be a legal termination for a string encoded in the Subject field of a certificate. But it is perfectly reasonable to expect the CA to check for that.