Just read Marcus’ article about mozilla’s security maintenance.
It’s really a pain to have those dependencies to applications which are using Gecko. But we made progress to not depend applications which just use NSPR and NSS on mozilla. So only real Gecko embedding applications are affected. SUSE Linux 10.0 will most likely be the last release with mozilla shipped as application suite as it is discontinued from the Mozilla Foundation. (But we will need another vehicle to deliver Gecko for other applications.)
BTW: I’m on vacation now for one and half week and will be offline for this time not writing to my brand-new blog 😉