dstiles - 6:50 pm on Jul 24, 2013 (gmt 0)
Mobile UAs are variable and although some of the later ones obey the rules many do not. For example, many begin Opera or Samsumg or similar. If you know they are mobiles it's probably safe to let them in.
NOTE: Checking other headers is not a good way of validating mobile devices. It depends on what they are and how they are connecting. In particular mobiles via proxies (even legit proxies) can come in with some really odd header combinations. I've had to relax header-checking quite a bit for known mobile UAs, especially those using proxies.
Multiple Mozillas in a single UA can often mean "I've just installed a really amazing tool in my browser and it has no idea how to create a proper user-agent string." I see this a lot with toolbar extensions, including G's. I suspect MS may also screw it up when updating from (eg) IE7 to IE8. As a result I tend to go by other headers, using double Mozillas as a tie-breaker.