Tech lead of pdf.js here: All of the above exploits were issues with extension code in firefox, i.e. other extensions could have these issues too. If you were to use the web only version of pdf.js none of these exploits would apply.
For comparison, NIST NVD lists 445 CVEs for Acrobat, or at least 17 per year since introduction. However CVEs haven't been maintained since the early 90s, so that number should be much higher. I think pdf.js does just fine.
pdf.js does a lot less, of course. Really you should compare Firefox to Acrobat, as they are both rich media rendering apps with a lot of functionality.
One of the points of something like pdf.js is that in most cases you don't need all that extra fluff. You just want to look at some PDF. So doing less is exactly what allows pdf.js to be (more) secure.
The wording was confusing for me too. At first reading I understood it as saying CVEs were no longer being issued for Acrobat, which definitely isn't the case. I assume the intended meaning was that Acrobat was first released in 1993[0], but the first CVE was CVE-1999-0001 (source: downloaded the raw dump from [1], ran grep -m1 CVE-....-0001).
But, I'm doubtful there would have been all that many CVEs issued for Acrobat from 1993-1998. There was only one CVE that mentioned "Acrobat" each year from 1999-2001, and three in 2002. The more recent years are the fun ones - but I have no idea whether that's a result of freshly-introduced exploitable bugs or just increased attention.
A quick Google search found only four:
https://www.mozilla.org/en-US/security/advisories/mfsa2013-9... (another local file disclosure)
https://www.mozilla.org/en-US/security/advisories/mfsa2015-3... (needs to be "combined with a separate vulnerability" to be exploitable)
https://www.mozilla.org/en-US/security/advisories/mfsa2015-6... (needs to be "combined with a separate vulnerability" to be exploitable)
https://www.mozilla.org/en-US/security/advisories/mfsa2015-7... (this one)
It still is looking better than the plugin it replaced.