In 2008, Firefox faced 115 reported security flaws, which is nearly four times as many as any other popular web browser. Microsoft, Apple, and Opera respectively reported 31, 32, and 30 security flaws in their browser. It is valuable to note, though, that Firefox is an open-source product, and therefore, security flaws may be be dragged kicking and screaming into the light of day easier than with its closed-source brethren. Still, if that can account for such a major difference is debatable, at best.
Like I said, there is good news on the security front as well for Firefox. In 2008, Internet Explorer faced 6 zero-day flaws, two of which were rated "moderate" or "high" in severity. Firefox faced only three zero-day flaws in 2008, and none of them were labelled moderate or severe by Secunia. Mozilla also responded much, much faster to these zero-day flaws than Microsoft did, with three of them still unfixed in Internet Explorer (the higher-rated flaws were fixed, though).
The other bit of good news is Tracemonkey's excellent performance, which, according to BetaNews, approaches that of Safari 4. Betanews believes that further down the development line of Firefox
3.1 3.5, it will be a neck-and-neck race. As a consequence, Mozilla will bump the version number from 3.1 to 3.5 for the next Firefox release.