The report, available here in PDF form, found that Firefox had 115 vulnerabilities reported in 2008, compared to 30 for Opera, 31 for Internet Explorer, and 32 for Safari.
That doesn't mean, though, that Internet Explorer is off the hook for security concerns. Far from it. ActiveX remains the browser plug-in or add-on with the most number of vulnerabilites. It had a whopping 366 vulnerabilities, compared to 54 for Java, 30 for QuickTime, 19 for Flash, and one for a Firefox extension. No Opera widgets had any vulnerabilities.
Internet Explorer also has a much longer lag time between when a vulnerability is found, and when a patch is issued for it, again by a wide margin. The lag for Internet Explorer was between 78 days and more than 294 days (some vulnerabilities weren't patched by year's end). For Firefox, the lag ranged between 15 and 86 days. Secunia didn't compare how long Safari and Opera took to patch.