Writing Secure Web Browsers is Hard
I'm not making excuses, just stating facts. In fact, I just read this from SANS... emphasis is mine.
Fixes Not Yet Available for Firefox Vulnerabilities (9 May 2005)
[Editor's Note (Schultz): The number of vulnerabilities in Firefox recently has been alarming. At first Firefox appeared to be an attractive alternative to Internet Explorer (IE) for security reasons, but IE is now looking better and better in comparison.
(Shpantzer): There's so much hacking at the application layer, at some point we'll have to actually lock down configurations for all browsers, regardless of the security mythology that surrounds the project's code and architecture. If you have a supposedly 'secure' browser that's insecurely configured, well, it's not very secure. ]