\r\n\r\nIf we didn't test it, it doesn't get the cutting edge treatment, it gets the old safe one. The test isn't looking for mozilla in the string, it is looking at the whole string and finding the unique bit that only that browser sends. Spoofers have no right to complain and none of them ever have to my knowledge.
Except that's still somewhat backwards. There are lots of browsers out there that aren't Firefox, but will render pages identically because they're using Gecko. You don't need to test against all of them to know they work. Similarly, there are lots of browsers out there embedding WebKit/KHTML which will render identically to Safari, but you don't need to test against all of them to know they work.
\r\n\r\nYahoo has an interesting methodology for this which I think is about the least offensive use of browser sniffing I've seen; they study each release of a major browser (IE, Firefox, Safari, Opera) and assign it a "grade" depending on its support for advanced stuff. Then their scripts, instead of being marked "this is only for Internet Explorer 6" or "this is only for Safari 2", can be marked "this is only for Grade A browsers" or "this is only for Grade C".
\r\n\r\nThe important thing, though, is that they have a class called "Grade X". Browsers which have been thoroughly tested and proven to support advanced features are Grade A, and browsers which have been tested and proven not to support advanced features are Grade C. Everything else is Grade X, and Grade X browsers are assumed to have the same or more advanced capabilities than Grade A -- generally, they assume that an unknown UA string represents a new version or a major browser, or a new browser embedding a major rendering engine. Thus, instead of a whitelist of "known good" browsers, they have a blacklist of "known bad" and assume that anything else can handle advanced features. This is much more likely to be correct than the techniques used at, say, Google where I've got some pretty advanced browsers that they won't serve GMail to.
\r\n\r\nAnd of course, their JS libraries use object detection all over the place, so that system seems to come into play only rarely.