Sent to you by Chris Hunter via Google Reader:
In a perfect world, there would be no way for your computer to be infected via your browser. Browsers are supposed to run web pages in an untrusted sandbox, isolating them from the rest of your computer. Unfortunately, this doesn't always happen.
Websites can use security holes in browsers or browser plugins to escape these sandboxes. Malicious websites will also try using social-engineering tactics to trick you.