Debian Stable is just that: stable. The default browser is an Extended Support Release (marked as such by the vendor, not Debian), so it'll stick around longer.
An ESR is more useful for use cases like education or companies that roll their own SOEs and like to document things for users. Browsers love randomly changing the UI or other behaviour on a whim (and on a 6-week cycle). So, it's a browser's ESR by default, and you can always install another one.
> The default browser is an Extended Support Release (marked as such by the vendor, not Debian), so it'll stick around longer.
But Debian Jessie was the "Stable" version for roughly two years. Mozilla's end-of-life for ESR 52 is on June 26, 2018. If Stretch has the same lifetime as Jessie, that leaves roughly one year during which Firefox ESR 52 will be end-of-life.
So how will Debian Stretch remain stable during a period when it is shipping an end-of-life Firefox for which-- as Mozilla states-- "no further updates will be offered for that version?"
This is the case for much software. Usually, distribution support is longer than upstream. Therefore, distributors have to backport the patches. That's what is done for Debian.
There are few exceptions: any Oracle product (Oracle doesn't provide security patches and discourages people from making them) and Chromium (patches are too big) and Firefox (idem). For Chromium, the exception is to use the latest version. For Firefox, the exception is to switch to the next ESR once the current one becomes unmaintained.
> Unfortunately, this means that libv8-3.14, nodejs, and the associated node-* package ecosystem should not currently be used with untrusted content, such as unsanitized data from the Internet.
Jeez. I guess this means most people will be using other node binaries in production.
I think 52 is in the security repo now, though