As explained in this Defcon paper, Firefox is safer because :
- Mozilla release security patches faster than Microsoft does,
- Firefox can download and apply them automatically.
The bottom line is that Firefox users are less vulnerable to new security issues, because they simply get fixed quicker in Firefox.
I definitely recommend NoScript, a Firefox add-on which removes all kinds of malicious scripts you may encounter in the wild. If you're running Windows, you should also consider the following (free!) programs:
- Spybot, the best (?) anti-malware / anti-spyware program.
- a good antivirus, like AntiVir.
- a good personal firewall, like ZoneAlarm.