Safari 4.0.2 fixes security issues

Apple released Safari 4.0.2 that contains two security fixes. Issues affect Mac OS X, Windows XP and Vista.

Visiting a maliciously crafted website may lead to a cross-site scripting attack

An issue in WebKit’s handling of the parent and top objects may result in a cross-site scripting attack when visiting a maliciously crafted website. This update addresses the issue through improved handling of parent and top objects.

Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

A memory corruption issue exists in WebKit’s handling of numeric character references. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved handling of numeric character references.