
Microsoft outlines extensive IE8 security improvements

Microsoft has posted a very extensive article outlining the security improvements to IE8. Improvements have
been made to the following areas:

– Cross-Site-Scripting Defenses
– Safer Mashups (HTML and JSON Sanitization)
– MIME-Handling Changes (Restrict Upsniff and Sniffing Opt-Out)
– Add-on Security
– Protected Mode
– Application Protocol Prompt
– File Upload Control
– Social Engineering Defenses
– Address Bar Domain Highlighting Improvements
– SmartScreen Phishing Filter

From the blog

"Hi! I'm Eric Lawrence, Security Program Manager for Internet Explorer. Last Tuesday, Dean wrote about our principles for
delivering a trustworthy browser; today, I'm excited to share with you details on the significant investments we've made in
Security for Internet Explorer 8. As you might guess from the length of this post, we've done a lot of security work for
this release. As an end-user, simply upgrade to IE8 to benefit from these security improvements. As a domain administrator,
you can use Group Policy and the IEAK to set secure defaults for your network. As a web-developer, you can build upon some of
these new features to help protect your users and web applications.

As we were planning Internet Explorer 8, our security teams looked
closely at the common attacks in the wild and the trends that suggest
where attackers will be focusing their attention next. While we were
building new Security features, we also worked hard to ensure that
powerful new features (like Activities and Web Slices) minimize attack
surface and don't provide attackers with
new targets. Out of our planning work, we classified threats into three
major categories: Web Application Vulnerabilities, Browser & Add-on
Vulnerabilities, and Social Engineering Threats. For each class of
threat, we developed a set of layered mitigations to provide
defense-in-depth protection against exploits."

Article Link: http://blogs.msdn.com/ie/archive/2008/07/02/ie8-security-part-v-comprehensive-protection.aspx