There are vulnerabilities on both, the dark and the bright sides (Who are on the bright side?). It’s software. The difference resides on how long does a company or an open source group have taken security for real.
Martin has reported a vulnerability in Mozilla, Firefox, and Thunderbird, which can be exploited by malicious, local users to gain knowledge of sensitive information.
Read the original Secunia - Latest Secunia Security Advisories post.