The second workaround is to disable the vulnerable component. These instructions were posted here and are pretty straightforward. Remember, this is only for FireFox 3.5.x:
One thing to remember is that the main feature of TraceMonkey was to speed up scripts, so the second workaround will slow script rendering a bit.
It's unfortunate this came to light when there are two Microsoft Internet Explorer exploits also making news - as a result Mozilla seems to be getting more flak than usual about it. Sophos is detecting the exploit code as Mal/JSShell-B.