All software has its vulnerabilities, including Firefox. It's the vulnerabilities it doesn't have, ActiveX and embedding, that make it much safer. Of course, you can download the ActiveX plug-in for Firefox, but I don't reco' it. And there's no doing away with Explorer's kernel status. Hack IE and you can get into the kernel. Hack Firefox and where are you?
Firefox has also had more than its share of security vulnerabilities. There just aren't many working exploits because the user base is still smallish.