It's easy to get mad at Fedora when we don't have the latest-greatest at the time the announcement drops. But they hold the packages so that they can do additional QA beyond what Mozilla has already done and protect their users.
I'm sometimes disappointed, but after seeing some of the bugs they've caught during the Fedora-specific testing/QA builds, I can understand why they do it.
I don't like dealing in absolutes. There are valid reasons to hold a security patch for some period of time if the cure is worse than the poison. See, for example, some of the early Spectre/Meltdown mitigations that caused a 20% performance hit.
I'm sometimes disappointed, but after seeing some of the bugs they've caught during the Fedora-specific testing/QA builds, I can understand why they do it.