Firefox dominates share of browser bugs at 44%?
According to a report from Cenzic, Inc. (PDF), the Mozilla Foundation’s popular Firefox browser contained the lion’s share of browser bugs in the first half of 2009 at 44%.
“The number of browser vulnerabilities in first half of 2009 comprised about 8 percent of total Web vulnerabilities,” the report said. “Mozilla Firefox had the largest percentage at 44 percent.”
While numbers like these make for engaging headlines, Cenzic's treatment of browser security within the broader state of netsec (the report's prime interest) lasts only a paragraph. Such an abbreviated look at browser flaws cannot possibly paint a nuanced and informative picture of what is actually going on.
As many analysts note, simply counting the number of security flaws is not enough. How many of those flaws are actually critical? How many are introduced by a third-party plugin? What is the average patching time? A deep dive into the underbelly of browser security could radically change the apparent security of a browser, but Cenzic didn't do that.
When asked about the cause of Firefox’s alleged rise towards insecurity, Cenzic CTO Lars Ewe said it was a matter of exposure.
“They’ve gotten more traction as a browser, which is good for them and the more you get used the more exposure you have. As well a fair amount of the vulnerabilities have come by way of plug-ins,” he said.
All told, Cenzic's report takes a compelling look at Internet security in 1H09, but it would have done well to expand its browser study or exclude it entirely.








