The observation in the report was different than the headline. Essentially, it said that Windows 7 had 102 vulnerabilities identified in the system during 2013. Flash Player is now embedded in Windows 8/8.1. As a result of that, the 56+ (I stopped counting at 56) vulnerabilities of Flash Player in 2013, took the total vulnerabilities in the system up to 154. Had Microsoft not embedded Flash Player, Windows 8 would actually had 100 or less vulnerabilities in Windows 8 during the year. The browser is irrelevant, from the aspect of Flash Player. However, considering the ridiculous numbers of vulnerabilities discovered in Firefox and Chrome, they would have merely increased the level even further, under the same considerations.
I suspect that the thinking at Microsoft was that a patched Flash Player was better than an unpatched Flash Player, so they took on responsibility to ensure that Flash Player gets automatically patched in Windows 8. For instance, I noted on 5 different Windows 7 machines that unneeded residue from Flash Player 22.214.171.124 was left behind when Adobe "automatically" updated the latest version 126.96.36.199. Of course, guess what aspects were left behind? Yes, the vulnerable files.
I appreciate everyone's penchant for beating up on Microsoft, but the issue here is Adobe Flash Player, not Internet Explorer, Firefox, Safari or Chrome. When talking about security, pretty has no place.
Secunia is in need of an headline editor. Actually, that is OK with me because I really appreciate all of the really good that they do.