I don't understand how a web browser can have critical security issues. It doesn't seem like it'd be too hard to code a browser that doesn't let websites execute malicious code.

> Browser downloads files
> displays text/images according to html/css
> lets some javascript code execute that modifies what is displayed

At what point does Firefox or Chrome fuck this up and let "malicious websites" access user files and install malware?