I just saw this post by Michal Zalewski on BugTraq. From the post:
It appears that the overall quality of code, and more importantly, the
amount of QA, on various browsers touted as "secure", is not up to par
with MSIE; the type of a test I performed requires no human interaction
and involves nearly no effort. Only MSIE appears to be able to
consistently handle [*] malformed input well, suggesting this is the
only program that underwent rudimentary security QA testing with a
similar fuzz utility.
I'm wondering when Michael's post will show up on slashdot.
Edit: Corrected Michal's name - Sorry about that.