It’s pretty good news. The introduction to the “Web Browsers” section gives an excellent summary of the current problems with IE. And, at first glance, Mozilla/Firefox beats IE 7 to 15 in the vulnerabilities list.
In fact, it’s even better than that. One of the seven is a MIME problem in Mozilla Mail – it’s hardly fair to include that when looking at browser function. The claim that “all these vulnerabilities also apply to Firefox 0.9.x” – I’d be impressed if that one does :-) And the last one (Cross-Site Scripting) was also never a problem in Firefox or Mozilla 1.7. So we actually win 5 to 15. Of course, some of the IE ones may be similarly bogus. Feel free to comment if you feel that’s the case.
But that’s not the whole picture. Security is not just about the vulnerability count, it’s also about (among other things) the development methodology, the application architecture and the speed of response to problems. Fortunately, we’re ahead in those areas as well – as the SANS report notes.