For an organization still using XP, and that plans to continue using XP for at least another year, do you think it would be better to switch to Firefox 4 or continue to use IE8? Is Firefox configurable via GP? Patchable via WSUS or Local Update Publisher? What do you think?
No, you cannot control FF via GPO (without an add-on or script) or update via WSUS. You may be able to push patches with SCCM, but that would be overkill if you don't have it in your environment. In short, unless you have an explicit need for FF, or something is totally incompatible with IE in your environment, stick with IE if you want ease of updates.
If you're configuring settings with group policy and updating via WSUS, IE7/8/9 is really your only option.
You can do the same thing with Firefox to some degree, but it will require a lot of not-particularly-pleasant scripting.
Your best bet is really to use Internet Explorer if you're using WSUS and GPOs. IE is much more manageable than FF or even Chrome from a policy standpoint and updates through WSUS are a no brainer.
While FF can be managed with adm templates (they exist), it's much harder to lock it down and manage FF.
You can definitely use Local Update Publisher to install and patch Firefox. I'm the developer of LUP and I do that very thing. I would recommend using FrontMotion's MSI installers and creating your own MST transform file.
Is Google Chrome an option for you?
It has some basic GPO support: http://www.edugeek.net/forums/internet-related-filtering-firewall/31278-using-google-chrome-network.html