I think that everyone has forgotten an important factor here. Not only is Firefox open source, but Mozilla actually rewards people monetarily for bringing vulnerabilities to their attention. This is in sharp contrast to, say, Microsoft, who has threatened legal action against these same people. So let's look at an example...
Mozilla's Bug Bounty Program will PAY you $500 and openly discloses their code and vulnerabilities (after a fix, of course).
Microsoft will threaten and perhaps follow through on legal action, and certainly does not open their source code.