Re: The MS platform is pretty robust ... Firefox
Yes, this is a sore point also on most Linux systems as well. If there is one sane thing that the Firefox management could do for their products and the world at large, it would be to focus on making a browser that was easy to secure and designed to enforce a respect for privacy.
That means having a simple way of using central management tools to set parameters and to force/block plug-ins that are centrally defined, and to have a sane limit on what the browser should ever need to access so things like apparmour profiles are trivial to use without issues. And this goal should be thought through so it works using WSUS and several of the Linux options (both per-machine via local admin, and centrally for the network).
As far as privacy goes, this means reporting only one of a few configurations so its not easy to fingerprint for tracking (and/or randomly reposting different bits every time so no two sessions on a given machine look alike, e.g. dithering on canvas draw etc). It also means having a design so things like history and cookies are all isolated from javacript and plug-ins by default, and only signed plugins that ask for permission and are granted it can use it. And that denying access just returns a near-blank list, like a fresh browser install, so a plugin can't tell if it has real access blocked or not.
So please Firefox team, quit dicking around with the GUI to look like chrome, quite removing features because you can't be arsed to support or test them, and focus of having a selling point that system admins want - an easy life of little trouble from users, idiot or otherwise.