I'm not too sure about Firefox specifically but I know there were some vulnerabilities in image format handling etc. that could be exploited without JS; this is the most prominent one that comes to mind:
http://en.wikipedia.org/wiki/Windows_Metafile_vulnerability
However, to evade detection and frustrate any reverse-engineering attempts, even these sorts of exploits are usually "packaged" in an obfuscated JS wrapper, so they would still require it enabled to work.