I'm not sure where you got the idea that it's out of date. It's based on Firefox ESR and is kept up to date with upstream patches. I'm also not sure how you came to the conclusion that it's "hacked up", considering many of its privacy enhancing patches made it into Firefox.
ESR is basically a stripped and reconfigured browser for organizational deployments where the trade-offs and defaults are geared towards organizational efficiency and management issues, not individual security and privacy. It pretty much says so right on the tin. It's a weird thing to use that as a starting point for a supposedly security and privacy-focused browser. That's before they add their own cruft.
Tor Browser is the browser equivalent of adding sparklers around the gas tank of a Ford Pinto and then claiming you've now got a vehicle uniquely suited for demolition derbies and bank robberies.
