What is the same with both Moz and Chromium is interesting. Both are highly complex packages PORTED from Windows as an afterthought.
We really have two choices, either invest the effort to create an HTML5 compatible browser for *NIX or accept the fact we are utterly dependent on a port and accept the consequences that logically follow from that. Those being we have to remember we are a parasite and thus must exert every effort to put as little strain on their resources as possible, even if it mean WE have to invest considerable effort to adapt to their alien customs and compromise our best practices and even compromise security.
And no, WebKit isn't any better. It may have started as a KDE effort but it is now an Apple project so if we grow a dependency on that we still are tied to the needs of an alien system.
But does Linux even follow the "UNIX Way" itself? No, just look at the horrors the distributions suffer keeping a stable kernel through a long term release. So lets not get get the pitchforks out at Moz or Google, the problem is a lot bigger.
What would really, really go a long way to solving the problem is if the libraries could actually get to a stable release that wouldn't require chasing the bleeding edge so much. Look through the dependencies of any major software and note how many 0.x versions of libraries they are linking against. Note the comment above from a Google dev, they aren't patching the heck out of libraries to be evil, they are mostly patching because they have to patch bugs and add needed features.
Just one thought on the notion of adopting Windows' every app carries copies of every lib habit. Forget EVER nailing down security because that would be as crazy as expecting Windows to ever be secure.
As for xulrunner, all I can say is Doh! It was pitched as a platform to build other apps with but there was never the slightest promise of the longterm stability that would be required to make it practical and by now we have enough actual history to show it ain't going to happen. Like all browser type products it is a roach motel so not updating isn't really an option and old versions aren't going to get patched. So anyone who was an early adopter can perhaps be forgiven for falling for hype but anyone still using it has to accept they are equally guilty, suck it up and either do the heavy lifting once to rebase on something else or keep up the constant churn involved with chasing the taillights. But either way, no bitchin' allowed.