This is true; it's super important to practice good security when browsing the web. I recommend add-ons like NoScript and Adblock Plus. NoScript blocks JavaScript functions unless you trust and allow the web page, and Adblock prevents Flash-based content from the same. Between these and an up-to-date antivirus, you'll be pretty well protected.