I disabled all update checking. Of course this is not optimal, I'm hoping FF comes out with a fix shortly (I'll have to manually request the fix update though!).
(Credit to a work colleague for this fix.)
Update 7/24/09: After a few days I realized removing update checking didn't really fix things. Another colleague spotted the bug report. Wow.
It's remarkable how long it took the Firefox team to admit there was a serious problem, and how egregiously bad the original security related design decision was. Per my colleague:
Apparently the issue is that the Firefox 3.5 NSS (Network Security System) reads all the files in the IE cache and the Windows Temp folder to generate a seed for its PRNG. Not only is that expensive in and of itself but it also might (!) cause your AV scanners to re-scan every one of the touched files. Apparently clearing your IE cache and Windows temp files may or may not help.This should be a wake-up call for Firefox. How did this design make it into production? Why was there so much resistance to admitting something was badly wrong?
Update 7/24/09b: The newest release may have a fix.
Update 7/24/09c: It was a bad design flaw, but I now see why I was so affected by it. Some IE install glitch had given me a HUGE IE cache -- one that was above the IE 8 1GB limit! I only discovered this when trying to reset it, and discovering IE shrunk it to 1GB. I set it to 50MB and deleted what was in there. As usual my Windows Temp folder also held quite a bit of junk, but it was the IE cache that was huge.