Originally posted by: rh71
So you guys are continuing to work on the JavaScript exploit, correct? Can't surf effectively without JS...
Short version: Of course. The Gecko devs have been working on it while the Update stuff was happening.
Long version:
There are multiple players here, the Mozilla Update team, and the Gecko team (Gecko is the engine behind Firefox and Mozilla). The Gecko team has been working on the patches to actually fix the hole since the bug was reported. When I say, "Gecko team" here, I mean the people who are trusted enough to see serious security holes, and knowledgeable enough to do something about them. I'm not one of those people. Had the exploit not been leaked, it would have probably been fixed this week and we'd have seen a 1.0.4 with no big risk of many people getting exploited.
However, it did leak, and many people were put at risk. When I saw the exploit and figured out how it worked, I saw a way we could mitigate the published exploits with a change to Mozilla Update code on the server (the Gecko devs probably didn't see it because they aren't also Mozilla Update devs and didn't know what kind of things we could do). We made the first change on Saturday, and on Sunday I saw we could completely mitigate variations of the published exploits that remained dangerous, without completely taking down Mozilla Update (which we considered doing).
The changes made by the Mozilla Update team to mitigate the exploit are completely orthogonal to the actual fix which will go into Firefox 1.0.4 and Mozilla 1.7.8. While the Update team was figuring out how to make the exploits stop working, the Gecko devs were simultaneously working on patches to remove the hole itself.