Secunia Advisory SA39670 Apple Safari "parent.close()" Code Execution Vulnerability

Criticality level Highly critical
Impact       System access
Where       From remote


Description
A vulnerability has been discovered in Apple Safari, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an error in the handling of parent windows and can result in a function call using an invalid pointer. This can be exploited to execute arbitrary code when a user e.g. visits a specially crafted web page and closes opened pop-up windows.

The vulnerability is confirmed in Safari version 4.0.5 for Windows. Other versions may also be affected.


Solution
Do not visit untrusted web sites or follow links from untrusted sources.

へーい。


5/12 追記
「Safari」にJavaScriptの脆弱性--US-CERTが警告 - CNET Japan
Vulnerability Note VU#943165 Apple Safari window object invalid pointer vulnerability - US-CERT

Apple Safari Information Disclosure and Code Execution
Last Update 2010-05-11
Solution
Disable JavaScript (e.g. via the "Security" tab in the Safari preferences dialog). Do not authenticate to sites that use HTTP basic authentication and use redirections to different domains.

http://secunia.com/advisories/39670/

タイトルまで変わってるし。 >Secunia Advisory SA39670
ブラウザの動作確認のためにインスコしてあるけど、JavaScript無効にしたら確認もできないよなぁ。
うpだてされるまでアンインスコしとくか。 >Safari 4.0.5