From Noam Eppel’s “Security Absurdity: The Complete, Unquestionable, And Total Failure of Information Security“:
The security company Scanit recently conducted a survey which tracked three web browsers (MSIE, Firefox, Opera) in 2004 and counted which days they were “known unsafe.” Their definition of “known unsafe”: a remotely exploitable security vulnerability had been publicly announced and no patch was yet available. Microsoft Internet Explorer, which is the most popular browser in use today and installed by default on most Windows-based computers, was 98% unsafe. Astonishingly, there were only 7 days in 2004 without an unpatched publicly disclosed security hole. Read that last sentence again if you have to.