FlyerTalk Forums - View Single Post - Serious Windows vulnerability (and a fix)
Old Jan 3, 2006 | 12:48 pm
  #11  
Dodge DeBoulet
 
Join Date: May 2004
Location: Exclusively OMNI/PR, for Reasons
Posts: 4,186
Originally Posted by ScottC
I agree, that is like saying that Firefox is vulnerable to all kinds of trojans IF YOU RIGHT CLICK AND OPEN THEM...
Yes, and MSIE is not involved in any way in this action, nor is the option actually labeled "Open." Right-click on any image in Firefox and the option for "View" is present; this will cause Firefox to invoke the associated application for viewing. What's so hard to understand about this? Haven't you ever right-clicked on what appeared to be a broken image link in an attempt to view it?

Firefox is perfectly safe; the problem with IE is that it renders them through the vulnerable engine without any user interaction.
Generally speaking, Firefox is only safe as long as its unknown vulnerabilities remain unknown. In this case, a small amount of additional effort is required to infect a computer with a trojan WMF. While I agree that it's less likely for someone to right-click and view what appears to be a broken image, it's certainly not outside the realm of possibility. And a WMF file as an email attachment is just as much a problem . . . as I said, until this advisory, they were considered innocuous files and unlikely to trigger a user's defenses.

It's also worth noting that there is at least one popular extension for Firefox that will display the current page in MSIE. It's primarily used in cases where the page is not HTML-compliant. If a page containing a trojan WMF is rendered incorrectly in Firefox and the user elects to view it in MSIE, boom, he's infected.

I use Firefox almost exclusively, and my email client is Thunderbird. But I'm not under any illusions regarding my computer's safety and security on the internet, and I'm of the opinion that brushing off the WMF issue as MSIE-specific is a mistake. Any application that displays a WMF file via Shimgvw.dll (Windows Picture and Fax Viewer) could trigger infection.

Last edited by Dodge DeBoulet; Jan 3, 2006 at 12:52 pm