Criticality level Highly critical
Impact System access
Where From remote
Description
A vulnerability has been discovered in Apple Safari, which can be exploited by malicious people to compromise a user's system.The vulnerability is caused due to an error in the handling of parent windows and can result in a function call using an invalid pointer. This can be exploited to execute arbitrary code when a user e.g. visits a specially crafted web page and closes opened pop-up windows.
The vulnerability is confirmed in Safari version 4.0.5 for Windows. Other versions may also be affected.
Solution
Do not visit untrusted web sites or follow links from untrusted sources.
へーい。
5/12 追記
「Safari」にJavaScriptの脆弱性--US-CERTが警告 - CNET Japan
Vulnerability Note VU#943165 Apple Safari window object invalid pointer vulnerability - US-CERT
Apple Safari Information Disclosure and Code Execution
http://secunia.com/advisories/39670/
Last Update 2010-05-11
Solution
Disable JavaScript (e.g. via the "Security" tab in the Safari preferences dialog). Do not authenticate to sites that use HTTP basic authentication and use redirections to different domains.
タイトルまで変わってるし。 >Secunia Advisory SA39670
ブラウザの動作確認のためにインスコしてあるけど、JavaScript無効にしたら確認もできないよなぁ。
うpだてされるまでアンインスコしとくか。 >Safari 4.0.5