allida77
01-06-2004, 05:36 AM
It seems that in Service Pack 2 IE6 will finally have a pop-up blocker:
http://www.arstechnica.com/wankerdesk/04q1/sp2-beta-3.html
I tried looking on MSDN to see if any other changes were made (such as better css support). This is the only article I found:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnwxp/html/securityinxpsp2.asp
If anyone knows if there are any other changes to IE6, could you post them?
BTW Did you ever notice on the "Technology and Sciences..." forum it says "related topics should be posted in the Web Building forum" but the actual forum name is "General Web Building". Not a big deal but I just wanted to be annoying.
Roy Sinclair
01-06-2004, 04:14 PM
Please note that these quotes are from a much larger document which details all the security changes in XP SP2. It should be kept in mind that as testing of SP2 progresses, it's possible this list of changes will also change.
Add-on management:
Internet Explorer Add-on Management allows users to view and control the list of add-ons that can be loaded by Internet Explorer with more detailed control than before. It also shows the presence of some add-ons that were previously not shown and could be very difficult to detect.
Internet Explorer Add-on Crash Detection attempts to detect crashes in Internet Explorer that are related to an add-on. When the add-on is successfully identified, this information is presented to the user. The user has the option of disabling add-ons to diagnose frequent crashes and improve the overall stability of Internet Explorer.
This means Gator and the ilk will no longer be able to silently hide themselves. :thumbsup:
Binary Behaviors Security setting:
Internet Explorer contains dynamic binary behaviors: components that encapsulate specific functionality for HTML elements to which they were attached. These binary behaviors are not controlled by any Internet Explorer security setting, which allows them to work on Web pages in the Restricted Sites zone. In Windows XP Service Pack 2, there is a new Internet Explorer security setting for binary behaviors. This new setting disables binary behaviors in the Restricted Sites zone by default. This new binary behaviors security setting provides a general mitigation to vulnerabilities in Internet Explorer binary behaviors.
BindToObject mitigation:
In Windows XP Service Pack 2, the ActiveX security model is applied in all cases where URL binding is used to instantiate and initialize an object. The ActiveX security model allows controls to be marked as “safe for scripting” and “safe for initialization” and provides users with the ability to block or allow ActiveX controls by security zone, based on those settings. This allows greater flexibility and control of active content in Internet Explorer.
MS JVM setting:
Previous versions of Windows included the Microsoft Java Virtual Machine (MSJVM). An Internet Explorer security setting for Java could be used to disable the MSJVM, but this setting would also disable a Java virtual machine from any other software vendor. Windows XP Service Pack 2 contains an Internet Explorer security setting that works exclusively with the MSJVM and will rename the previous setting so that its effect in Internet Explorer is clearer. The default value of these setting changes allows the MSJVM to continue to operate as it did previously. By default, the MSJVM is enabled for all zones except the Restricted Sites zone. In the Restricted Sites zone, the MSJVM is disabled by default. This new MSJVM security setting provides an easy mechanism to turn off the MSJVM if necessary.
Local Machine Zone Lockdown:
When Internet Explorer opens a Web page, it places restrictions on what the page can do, based on the location of the Web page. For example, Web pages that are located on the Internet might not be able to perform some operations, such as accessing information from the local hard drive.
On the other hand, Web pages on the local computer are in the Local Machine zone, where they have the fewest security restrictions. The Local Machine zone is an Internet Explorer security zone, but is not displayed in the settings for Internet Explorer. The Local Machine zone allows Web content to run with fewer restrictions. Unfortunately, attackers also try to take advantage of the Local Machine zone to elevate their privileges and compromise a computer.
In Windows XP Service Pack 2, all local files and content that is processed by Internet Explorer has the security of the Local Machine zone applied to it. This differs from previous versions, where local content was considered to be secure and had no zone-based security placed on it.
This feature dramatically restricts HTML in the Local Machine zone and HTML that is hosted in Internet Explorer. This helps to mitigate attacks where the Local Machine zone is used as an attack vector to load malicious HTML code.
MIME handling enforcement:
Internet Explorer uses Multipurpose Internet Mail Extensions (MIME) type information to decide how to handle files that have been sent by a Web server. For example, when there is a Hypertext Transfer Protocol (HTTP) request for .jpg files, when they are received, they will generally be displayed to the user in an Internet Explorer window. If Internet Explorer receives an executable file, Internet Explorer generally prompts the user for a decision on how to handle the file.
In Windows XP Service Pack 2, Internet Explorer will follow stricter rules that are designed to reduce the attack surface for spoofing the Internet Explorer MIME-handling logic.
Object Caching:
In previous versions of Windows with Internet Explorer, some Web pages could access objects cached from another Web site. In Windows XP Service Pack 2, a reference to an object is no longer accessible when the user navigates to a new domain.
Pop-up Manager:
Pop-up Manager blocks most unwanted pop-up windows from appearing. Pop-up windows that are launched when the end user clicks a link will not be blocked.
End users and IT administrators can let specific domains launch programmatic pop-up windows. Developers will be able to use or extend the pop-up functionality in Internet Explorer for applications hosting Internet Explorer.
Untrusted Publishers:
This feature allows the user to block all signed content from a given publisher without showing the Authenticode dialog box to the user while doing so. This stops code from the blocked publisher from being installed. This feature also blocks installation of code with invalid signatures.
Blocking Invalid Signatures:
By default, Windows blocks the installation of signed code if it has an invalid digital signature.
One Prompt Per Control Per Page
Internet Explorer only prompts once per ActiveX control per page.
This means you no longer have to reject a control several times if the page uses several instances of it.
Ellipsis placed on text for Application description and Publisher name:
When the text that is given for the application description, file name, or publisher name is wider than the dialog box in width, Internet Explorer places an ellipsis on the text. This helps indicate to the user that there is more text that they are not seeing.
Window Restrictions:
Internet Explorer provides the capability for scripts to programmatically open additional windows of various types, and to resize and reposition existing windows. The Window Restrictions security feature, formerly called UI Spoofing Mitigation, restricts two types of script-initiated windows that have been used by malicious persons to deceive users: popup windows (which do not have components such as the address bar, title bar, status bar, and toolbars) and windows that include the title bar and status bar.
Script repositioning of IE Windows:
Script-initiated windows with the title bar and status bar are constrained in scripted movement to ensure that these important and informative bars remain visible after the operation completes.
· Scripts cannot position windows so that the title bar or address bar are above the visible top of the display.
· Scripts cannot position windows such that the status bar is below the visible bottom of the display.
Script Sizing of IE Windows:
Script-initiated windows that include a title bar and status bar are constrained in scripted sizing to ensure that the title bar and status bar remain visible after the operation completes.
· Scripts cannot resize windows such that the title bar, address bar, or status bar cannot be seen.
· When creating a window, the definition of the fullscreen=yes specification is changed to mean “show the window as maximized,” which will keep the title bar, address bar, and status bar visible.
Script Management of IE Status Bar:
Internet Explorer has been modified to not turn off the status bar for any windows. The status bar is always visible for all Internet Explorer windows.
IE Pop up window placement:
Script-initiated popup windows are now constrained so that they:
· Do not extend above the top or below the bottom of the parent Internet Explorer Web Object Control (WebOC) window.
· Are smaller in height than the parent WebOC window.
· Overlap the parent window horizontally.
· Stay with the parent window if the parent window moves.
· Appear above their parent so other windows (such as a dialog box) cannot be hidden.
(Specifically referring to windows created with window.createPopup())
Zone Elevation Blocks:
When a Web page is opened in Internet Explorer, Internet Explorer puts restrictions on what the page can do, based on where that Web page came from: the Internet, a local intranet server, a trusted site, and so on. For example, pages on the Internet have stricter security restrictions than pages on a user’s local intranet. Web pages on a user’s computer are in the Local Machine security zone, where they have the fewest security restrictions. This makes the Local Machine security zone a prime target for malicious users. Zone Elevation Blocks makes it harder to get code to run in this zone. In addition, Local Machine Zone Lockdown makes the zone less vulnerable to malicious users by changing its security settings.
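The "Script repositioning of IE Windows" and "IE Pop up window placement" rules quoted in the post above, written out as a geometry checker. This is an added example, not part of the original posts and not Internet Explorer code; all function names are hypothetical, and it assumes screen coordinates with y growing downward, the display top at y = 0, the title bar on the window's top edge and the status bar on its bottom edge.

```javascript
// Rectangles are {left, top, width, height} in screen pixels (assumed model).

// Checks a script-initiated popup against the placement rules for
// window.createPopup() popups relative to the parent WebOC window.
function popupViolations(parent, popup) {
  const violations = [];
  const parentBottom = parent.top + parent.height;
  const parentRight = parent.left + parent.width;
  const popupBottom = popup.top + popup.height;
  const popupRight = popup.left + popup.width;

  // "Do not extend above the top or below the bottom of the parent"
  if (popup.top < parent.top) violations.push("extends-above-parent");
  if (popupBottom > parentBottom) violations.push("extends-below-parent");
  // "Are smaller in height than the parent WebOC window"
  if (popup.height >= parent.height) violations.push("not-smaller-in-height");
  // "Overlap the parent window horizontally"
  if (popupRight <= parent.left || popup.left >= parentRight) {
    violations.push("no-horizontal-overlap");
  }
  return violations;
}

// Checks a scripted move/resize of a full window against the rules that
// keep the title bar and status bar inside the visible display.
function windowBarViolations(display, win) {
  const violations = [];
  if (win.top < 0) violations.push("title-bar-above-display");
  if (win.top + win.height > display.height) {
    violations.push("status-bar-below-display");
  }
  return violations;
}

// Constructed sample geometry, for illustration only.
const PARENT = { left: 100, top: 100, width: 800, height: 600 };
const DISPLAY = { width: 1024, height: 768 };
const SAMPLES = {
  insideParent: { left: 200, top: 150, width: 300, height: 200 },
  coversChrome: { left: 100, top: 40, width: 800, height: 700 },
  offToTheSide: { left: 1000, top: 150, width: 200, height: 100 },
  oversizedWin: { left: 0, top: -30, width: 1024, height: 900 },
};
```

A popup that tries to cover the parent's address bar (`coversChrome`) trips three rules at once, which is the spoofing case the Window Restrictions feature is aimed at.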