I don't know about the facts at the moment. But consider this: they wanted to use gecko in order to have a device with good and stable browser. Developing such piece of software requires years and huge resources. The complexity of that effort is significantly higher than a sum of all source code created by Nokia for 4 devices so far. So they have resorted to using existing product based on MPL licence which is far less restrictive to source closing. They may have done some patches, but the scale of changes is negligible compared to original Gecko. In addition, the company culture dictates rapid releases of new devices, so I can bet they did not spend too much time patching security issues. By following this logic you can expect "Mozilla Engine" to suffer majority of problems identified within original Gecko engine. Sure they can continue to merge with the original project, but this did not happen too often for any of the devices. Once the support has stopped, no new updates have appeared and it is reasanoble to expect that some exploits will work in MicroB