What SSL makes a site safer?
Encryption. In normal HTTP, data is sent in plaintext inside the network packets and someone using a sniffer , which is a program that captures packages, of them.
However, if the content of the data that travels on your connection is of considerable confidentiality (eg bank details, personal emails, etc.), SSL * provides you with strong encryption and very difficult to break ** (and HTTPS is nothing more than HTTP over SSL). In this way if someone inspects their data packets without knowing the cryptographic keys used, the content will consist of only a seemingly random and meaningless sequence of bytes.
What types of attacks do they avoid?
Mostly attacks based on data interception. If packets are intercepted, for those unaware of the cryptographic keys used, their content will not make any sense.
In addition, without SSL, someone could maliciously alter the contents of the packages between the source and the destination, after all they travel in plaintext , without encryption. With SSL, this becomes virtually impossible, because without having the cryptographic keys you can not introduce significant changes to the package without making it appear to be simply corrupted (being discarded altogether). The maximum that an attacker can do with this is to destroy the packets, not to modify them.
When implementing an SSL, is there any security relation to some types of attacks such as CSRF, for example?
No. This is already something that should be implemented by the application, it is not the responsibility of the transport layer (which is where SSL is).
(*) - Secure Sockets Layer (SSL) has been replaced by Transport Layer Security (TLS)), but this is an irrelevant detail to your question. SSL had three versions: 1.0, 2.0 and 3.0. And then came TLS 1.0, 1.1, 1.2 and 1.3 is being designed. In practice, TLS 1.0 is nothing more than an SSL 3.1 that has decided to rename it to standardize it with the Internet Engineering Task Force (IETF).
(**) - SSL actually allows both parties to negotiate which cryptographic protocol will actually be used, and if both agree on a weak protocol then security will not be assured. This is why it is important to configure the server to reject insecure cipher suites , many of which are enabled by default in the installation. Ssllabs has interesting tools for testing the server and the browser .
Thank you to Omni and mgibson for the suggestions given in your comments.