I think attacking IE's security is redundant. IE is fine. Firefox is fine.
If we want to talk about security let's talk about Adobe Reader, Java, Real Player, Flash, and all those other "common" third party apps that keep getting people infected.
Especially Adobe Reader - at current it contains abut 13 0-day vulnerabilities when you have a fully patched version - however you don't use Adobe Reader when running on Ubuntu.