Firefox does have weaknesses, but there's one main structural difference that will always separate them. Firefox is it's own application and own renderer, running with the priviliges of the user. IE's "engine" (mshtml.dll) is a system-level library, fully capable of hosing the system should it be compromized. Add to that the fact that many applications, such as Outlook, use that same engine to give multiple angles of attack for the same security hole.
The same can be said of M$'s IIS service for web services, vs Apache on Linux.