This paper came out recently and examines the state of Web browser security and the correlation between a browser’s vulnerability and its advanced functionality.
http://www.microsoft.com/downloads/details.aspx?FamilyId=E550F940-37A0-4541-B5E2-704AB386C3ED&displaylang=en
A few interesting sections with their page numbers:
Security Versus Functionality 5
Default Settings & Patches 6
Browser Attacks: How They Work 8
Embedding Malicious Code in Web Pages and Sites 8
URL Spoofing 8
Internet Explorer Service Pack 2 Security Enhancements 16
Local Machine Zone Lockdown 16
Zone Elevation Blocks 16
Consistent MIME Handling and MIME Sniffing 17
Preventing URL spoofing 17
Secure Download Management 18
Pop-up Window Controls 19
Add-on Management 20
The Future of Browser Security Including Internet Explorer 7 Enhancements 22