1. UI copying chrome
2. telefonica servers for video chat
3. Ads on your new-tab-page
4. Yahoo search deal
5. Adobe binary blob DRM installed and enabled by default. this is flash security holes all over again.
6. google binary blob DRM on android.
And the EME module, good or bad, is not a security hole like Flash. The CDM modules are heavily sandboxed, preventing them from doing anything in the system besides talking to the browser. On Linux, it uses seccomp: https://lwn.net/Articles/332974/
* or DuckDuckGo (inferior but privacy conscious), but good luck with them funding Mozilla
2. The servers are only use to find clients, the data is transiting directly between the computers with WebRTC.
3. The ad tiles are there until the screen is full (which happens very fast). In practice, almost half of the ads are for Mozilla itself (Firefox for Android, Marketplace ...).
4. And so ? What's the problem by having Yahoo instead of Google in some countries ? It provides some diversity and competition in the search market which really needs it.
5. I agree on this but it's not like Mozilla had a choice, they tried to resist up to the last minute. And their implementation unlike Chrome's one (if I remember) is going to be strictly sandboxed. So they tried to do what they could. This is really Chrome's fault here.
6. I think they did not have a choice either on this one, unlike what Google is advertising, Android is much less open than they say. A lot of proprietary binaries are needed to run the OS and the stock Android is just the bare minimum. Maybe in the future they could provide an open-source replacement to it but I think they did not have enough resources.