Safari 4.0.2 fixes security issues
Apple released Safari 4.0.2 that contains two security fixes. Issues affect Mac OS X, Windows XP and Vista.
Visiting a maliciously crafted website may lead to a cross-site scripting attack
An issue in WebKit’s handling of the parent and top objects may result in a cross-site scripting attack when visiting a maliciously crafted website. This update addresses the issue through improved handling of parent and top objects.
Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
A memory corruption issue exists in WebKit’s handling of numeric character references. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved handling of numeric character references.