Even Snort + fw + browsing in a VM would not have protected you against, say, a tabnabbing phishing attempt. (I mention this example again because of how deceptively efficient it is...)
Just when I start to think I am being too paranoid leaving JavaScript disabled, I read this.
I temporarily enabled JavaScript for complaining about that bitcoin trademark :/