However, the good news is Mozilla was quicker to patch zero day vulnerabilities in Firefox than Microsoft. More details at CNET.
However, the report found that Mozilla was quicker to patch Firefox's flaws that were disclosed publicly without vendor notification compared with Microsoft. These "zero day" vulnerability disclosures contain information that can be used by attackers to write exploits for the flaw. The longer it takes vendors to release an update that repairs the vulnerability, the longer users of the browser are at risk.
Secunia reported six incidences in which Microsoft was publicly notified of browser vulnerabilities, two of which the security company labeled as "high" or "moderate" in severity. Meanwhile, Mozilla experienced three such occurrences, all of which Secunia labeled as "less critical" or "not critical."
Microsoft took 110 days to issue patches for the two most serious flaws, while it took Mozilla an average of 43 days to address its three flaws, Secunia reported. One of the IE vulnerabilities remained open for 294 days in 2008, according to the report.