I don't think this has been mentioned on here yet but there is a nasty new exploit that uses the windows picture viewer and WMF files. Most browsers are vunerable since they open the files through the vunerable windows component and it looks like it is really easy to get infected.
There is some info here: http://www.f-secure.com/weblog/
There is some info here: http://www.f-secure.com/weblog/