According to a report written by Microsoft, it appears that Internet Explorer is. The proof is in the pudding! Of course, if you recognize that the pudding was whipped up by Microsoft. And you agree with their proof.

Ryan Naraine writes:

Since the release of Firefox 1.0 in November 2004, Jones counted 199 vulnerabilities in supported Firefox products – 75 HIGH severity, 100 MEDIUM severity and 24 LOW severity.

During the same period, he said Microsoft fixed 87 total vulnerabilities affecting all supported versions of Internet Explorer – 54 HIGH severity, 28 MEDIUM severity, and 5 LOW severity.

The full article includes a link to the report in PDF format where the numbers are crunched in detail. What's interesting about the report, notwithstanding its source, is that my own personal research has shown over time too that browser vulnerability disclosure is more a function of "time served in the market" than intrinsic code safety. Thus, the longer a browser sits in the market, the more vulnerabilities you'll find in its code.

My own research was done looking at the Secunia web site and its list of published vulnerabilities. If you trendline both FireFox and IE over time, the slope of each of their lines for cumulative vulnerabilities is relatively the same. Here are the trendline equations I discovered when plotting cumulative vulnerabilities since release (I last pulled these about six months ago):

IE: y = -0.010x^2 + 2.661x - 4.7566
FireFox: y = -0.008x^2 + 2.118x - 38.07

See how close the slope of these equations are. Thus, owing to my own research, I'm inclined to believe this research. At least, I'm inclined to believe that they're more-or-less the same in terms of relative safety.

Read the full report and come to your own conclusions at:
http://blogs.zdnet.com/security/?p=703&tag=nl.e539