Most Kali Linux packages are outdated or vulnerable
Since Kali Linux Rolling is based on Debian, most the packages are outdated or vulnerable. For example, the Firefox and Firefox-ESR have two 0day vulnerabilities recently and they have been fixed by the Firefox official. Meanwhile, most of the Linux distributions are updated accordingly, e.g. Ubuntu. However, Firefox-ESR in Kali is still vulnerable.
I think that the packages in Kali Linux should be up-to-date as it is a security Linux distribution. Nobody will used a vulnerable penetration testing tool to do the security stuff.
Hope Kali Linux team can look into it and improve it in the near future.