Actually, they're flaws that have been there.  They're not really even flaws, like the flaws that AIM had a while ago.  Two of the potential vulnerabilites have to do with html/xml pages that are stored on a user's computer for convenience.  The one that surprised me was the cookie one, which would allow one website to read or even alter a cookie from another website!  That's a no-no  

Microsoft has to release these patches because they're under such heavy scrutiny.

Don't think other browsers don't have vulnerabilities.