The thing you are forgetting is that by using IE on Vista or Win7 you aren't exposed to the issues relating to the IE zero day bug or the Firefox bug.
The security pros should probably be saying "avoid using Firefox until a fix is released, such as using IE7/IE8 on Vista or Windows 7".
Also to the guys gloating about NoScript and AdBlock.... the problem is that the majority of the users out there have less than "half a brain". FF has the market share where it's logical to assume that it's way, way past a geek thing. Mums and Dads, Grandma, kids etc. are all using FF on IT pros' recommendations.
Do you really think they've installed NoScript? If you've installed it do you really think they haven't disabled it or will the very second they find out it's stopping them from getting their "FREE SCREENSAVER!!!"...? Course not.
Security by picking a product 'cause it's open source is bollocks. It's no better or worse than closed source.
And you can skip the bullshit about taking a year to fix. The IE exploit has been in the public domain for a few weeks, yet the devs have known about it for a year. The FF one could easily have been in the same boat - where a sole dev has known about it but hasn't fixed it as it's not in the public domain as yet and a fix could break a lot.
P.S. I love the way OSS fans have gone from "it's open source so anyone can read the code. 100,000 devs looking at the codebase must make it more secure than just a few hundred." to moving along to a different angle of "it's all about the speed of a fix which anyone can do as it's open source." FUCK OFF! IT MAKES NO DIFFERENCE. Most people don't give a flying fuck if it's open, closed or ajar source - they won't bother looking at the code.