Firefox by all accounts isn't vulnerable to this attach by all accounts, even with noscript disabled, when I experienced page problem I checked the page source in trying to track the problem and saw the iframe tag. At first I just thought the forums was using it to gather page visited data, etc. and thought it a crazy method to do it.
However, when I tried using avant an IE clone web shield alerted. So I twigged the site had been infected, so I sent a report to avast.
These were the two images I tried to attach earlier that failed.
It would be interesting to know if this was purely a security failing of SMC 1.1.2 as I found several such issues on the Simple Machines forums and they were also using 1.1.2 but it seemed they also had a weakness in their webhosting service.