Because they are not as rigorous as Google's. At Google every commit is read and reviewed before it lands in source control. And they have an entire team dedicated to building the testing infrastructure, so they can do things like testing Flash against every possible input to see if there are any security holes. (There were.) Google is all about being super careful about every line of code. I don't know for a fact that Mozilla isn't, but the quality of the code that I've read in each browser makes me think Google has a better process. But I could be wrong.

> At Google every commit is read and reviewed before it lands > in source control.

Something Mozilla has been doing for 12 years.

> And they have an entire team dedicated to building the > testing infrastructure

As does every browser developer.

> so they can do things like testing Flash against every > possible input

http://www.squarefree.com/2010/07/14/fuzzing-talk-at-the-moz...

Jesse and company have been writing lots of other fuzzers that aren't public yet as well...

Seriously, what you described above (pre-checkin code review and fuzz-testing) are all standard industry practices for web browsers and have been for years.

You could have verified the assumption that Mozilla doesn't do code review in 5 minutes here: http://hg.mozilla.org/mozilla-central/

What do you think the "r=" lines are?