From the methodology document (http://yourbrowsermatters.org/docs/methodology.pdf
*Why doesn’t the score give importance to vulnerabilities, for example by taking
into account the number of vulnerabilities known for a browser?*
Overall the score was designed with one consideration in mind – make it easy for everyone to determine how many security features their browser has. Features that help mitigate the impact of vulnerabilities are given prominence. An entire category, “Attacks Against the Browser” is dedicated to such features.
Counting individual vulnerabilities would be complex because in many cases the vulnerabilities differ from browser to browser, and comparison across browsers would not be fair for vulnerabilities that are specific to one browser. Furthermore, using individual vulnerabilities would be contrary to the purpose and intention of the browser score.