Actually, Debian stable uses Firefox ESR, which is updated roughly once a year. I've used Debian exclusively on the Desktop since around Etch/Lenny, and never see the need to update my browser often.
The notion of a linux distribution repackaging software released by others has always seemed a bit strange to me and a bit of an outdated practice. I get that it has its origin in the inherent need of distributions to explode packages in a distribution specific way all over the file system using distribution specific practices, scripts, file locations, etc. This indeed causes lots of headaches and creates a need for a lot of managing and testing. So don't do that. These days with things like docker and snap, there's no need for any of that and you can get your software straight from those most committed to developing, maintaining and fixing it: the original developers.
My experience with Debian, Red Hat, etc. is to ignore packages for basically anything I care about for both Development and Production. It's likely to be the wrong version of what I need and quite possible for it to have distribution specific issues and quirks. E.g. for OpenJDK I would never put Debian provided packages in production and instead use a package from one of the several licensees of the testsuite (Amazon Coretto, Azul, etc.). I have actually run into issues with e.g. certificates, premature releases of non released versions of the jdk, etc. Much better to use Docker and CI test the entire container before it goes near production with exactly those dependencies that I tested and hand picked. Even Docker itself I prefer to get straight from the source when I build AMIs in Amazon (using packer). Most things I use are well supported with packages by their developers.
Do you think that's typical? I wasn't trying to be contentious, I've always installed the latest firefox as soon as it's packaged and the other Debian users I've known were doing similar. I know ESR exists and works, but I've never gotten the impression that many people actually use it as their 'daily driver'.
I use Firefox ESR on desktop with Debian stable as well. I've never felt the need to update it, while several times, when reading about things that break in non-ESR releases, I was glad I didn't use non-ESR versions.
[0] https://www.debian.org/security/2019/