"Personally I think that the decision to patch 2.x one
day and 3.x the next is a very risky security decision - regardless
of the fact that Mozilla thinks there is less risk to Firefox 3.
The reality is that users don't patch as quickly as they should
(though they do update Firefox faster than other browsers) and
having a known vulnerability out there waiting to patch isn't my
idea of mitigating risk properly."