Referenencing the firefox thread that was going on earlier, I ran across this article:
http://www.securityfocus.com/archive/1/378632

that concludes " It appears that the overall quality of code, and more importantly, the
  amount of QA, on various browsers touted as "secure", is not up to par
  with MSIE; the type of a test I performed requires no human interaction
  and involves nearly no effort. Only MSIE appears to be able to
  consistently handle \[*\] malformed input well, suggesting this is the
  only program that underwent rudimentary security QA testing with a
  similar fuzz utility."

FYI,
Brett