Among the slew of improved security features in Mac OS X Lion is a greatly enhanced sandboxing capability.
Specifically, sandboxing is a security mechanism that isolates untrusted programs and allows them to run in confined environments, limiting the access the applications have to the rest of the OS.
And Lion features this capability prominently. The most noteworthy example is in Safari. Mac’s update browser now incorporates sandboxing functionality, which enables the Web site content to load in a separate process with limited functionality. As such, malicious Web sites accessed by the Safari browser are prevented from gaining access to and compromising the rest of the system.