Softpedia
 


    Safari 6.0.5 - Changelog


    What's new in Safari 6.0.5:

    June 5th, 2013

    Safari 6.0.5 is now available and addresses the following:

    · Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.
    · A cross-site scripting issue existed in the handling of iframes. This issue was addressed through improved origin tracking.
    · A cross-site scripting issue existed in the handling of copied and pasted data in HTML documents. This issue was addressed through additional validation of pasted content.
    · XSS Auditor may rewrite URLs to prevent cross-site scripting attacks. This may lead to a malicious alteration of the behavior of a form submission. This issue was addressed through improved validation of URLs.



    What's new in Safari 6.0.4:

    April 17th, 2013

    Safari 6.0.4 is now available and addresses the following:

    · CVE-2013-0912 : Nils and Jon from MWR Labs working with HP TippingPoint's Zero Day Initiative
    · Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
    · Description: An invalid cast issue existed in the handling of SVG files. This issue was addressed through improved type checking.



    What's new in Safari 6.0.3:

    March 15th, 2013

    HIGHLIGHTS:
    · Improves scrolling on facebook.com
    · Improves scrolling while zoomed in on a webpage
    · Improves performance on webpages with plug-in content
    · A fix for an issue that could cause the inaccurate appearance of an alert that bookmarks can't be changed
    · A fix for an issue that could cause duplicate bookmarks to appear on an iOS device after editing bookmarks with Safari in OS X
    · A fix for an issue that permitted users to access unfiltered search results when searching from google.com when Parental Controls are enabled
    · A fix for an issue that could prevent Safari from restoring the last position on a webpage a user navigated back to

    ADDS FIXES FOR THE FOLLOWING SECURITY ISSUES:

    WEBKIT:
    · Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
    · Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.
    CVE-ID:
    · CVE-2012-2824 : miaubiz
    · CVE-2012-2857 : Arthur Gerkis
    · CVE-2013-0948 : Abhishek Arya (Inferno) of the Google Chrome Security Team
    · CVE-2013-0949 : Abhishek Arya (Inferno) of the Google Chrome Security Team
    · CVE-2013-0950 : Abhishek Arya (Inferno) of the Google Chrome Security Team
    · CVE-2013-0951 : Apple
    · CVE-2013-0952 : Abhishek Arya (Inferno) of the Google Chrome Security Team
    · CVE-2013-0953 : Abhishek Arya (Inferno) of the Google Chrome Security Team
    · CVE-2013-0954 : Dominic Cooney of Google and Martin Barbella of the Google Chrome Security Team
    · CVE-2013-0955 : Apple
    · CVE-2013-0956 : Apple Product Security
    · CVE-2013-0958 : Abhishek Arya (Inferno) of the Google Chrome Security Team
    · CVE-2013-0959 : Abhishek Arya (Inferno) of the Google Chrome Security Team
    · CVE-2013-0960 : Apple
    · CVE-2013-0961 : wushi of team509 working with iDefense VCP

    WEBKIT:
    · Impact: Visiting a maliciously crafted website may lead to a cross-site scripting attack
    · Description: A cross-site scripting issue existed in the handling of frame elements. This issue was addressed through improved origin tracking.
    CVE-ID:
    · CVE-2012-2889 : Sergey Glazunov

    WEBKIT:
    · Impact: Copying and pasting content on a malicious website may lead to a cross-site scripting attack
    · Description: A cross-site scripting issue existed in the handling of content pasted from a different origin. This issue was addressed through additional validation of pasted content.
    CVE-ID:
    · CVE-2013-0962 : Mario Heiderich of Cure53



    What's new in Safari 6.0.2:

    November 2nd, 2012

    Adds fixes for the following security issues:

    WebKit CVE-2012-3748 (Joost Pol and Daan Keuper of Certified Secure working with HP TippingPoint's Zero Day Initiative):
    · Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.2
    · Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
    · Description: A time of check to time of use issue existed in the handling of JavaScript arrays. This issue was addressed through additional validation of JavaScript arrays.

    WebKit CVE-2012-5112 (Pinkie Pie working with Google's Pwnium 2 contest):
    · Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.2
    · Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
    · Description: A use after free issue existed in the handling of SVG images. This issue was addressed through improved memory handling.



    What's new in Safari 5.1.7:

    May 9th, 2012

    · Improve the browser's responsiveness when the system is low on memory
    · Fix an issue that could prevent webpages from responding after using a pinch to zoom gesture
    · Fix an issue that could affect websites using forms to authenticate users
    · Disable versions of Adobe Flash Player that do not include the latest security updates and provide the option to get the current version from Adobe's website.



    What's new in Safari 5.1.5:

    March 27th, 2012

    LION:
    · Safari 5.1.5 contains a fix for an issue that could affect website usability when running Safari in 32-bit mode.

    SNOW LEOPARD:
    Safari 5.1.5 contains improvements to usability and stability, including changes that:
    · Fix an issue that could affect website usability when running Safari in 32-bit mode
    · Fix an issue that could affect the stability of Software Update on Mac OS X Server v10.6.8



    What's new in Safari 5.1.4:

    March 13th, 2012

    LION:
    · Improve JavaScript performance
    · Improve responsiveness when typing into the search field after changing network configurations or with an intermittent network connection
    · Address an issue that could cause webpages to flash white when switching between Safari windows
    · Address issues that prevented printing U.S. Postal Service shipping labels and embedded PDFs
    · Preserve links in PDFs saved from webpages
    · Fix an issue that could make Flash content appear incomplete after using gesture zooming
    · Fix an issue that could cause the screen to dim while watching HTML5 video
    · Improve stability, compatibility and startup time when using extensions
    · Allow cookies set during regular browsing to be available after using Private Browsing
    · Fix an issue that could cause some data to be left behind after pressing the “Remove All Website Data” button

    SNOW LEOPARD:
    · Improve responsiveness when typing into the search field after changing network configurations or with an intermittent network connection
    · Address an issue that could cause webpages to flash white when switching between Safari windows
    · Address issues that prevented printing U.S. Postal Service shipping labels and embedded PDFs
    · Preserve links in PDFs saved from webpages
    · Correct the contents of context menus on webpages that are PDFs
    · Fix an issue that could cause the screen to dim while watching HTML5 video
    · Improve stability, compatibility and startup time when using extensions
    · Allow cookies set during regular browsing to be available after using Private Browsing
    · Fix an issue that could cause some data to be left behind after pressing the “Remove All Website Data” button



    What's new in Safari 5.1.2:

    November 30th, 2011

    · Improve stability
    · Address issues that could cause hangs and excessive memory usage
    · Address issues that could cause webpages to flash white
    · Allow PDFs to be displayed within web content



    What's new in Safari 5.1.1:

    October 12th, 2011

    · Improve JavaScript performance up to 13% over Safari 5.1
    · Address issues that could cause hangs and excessive memory usage
    · Improve stability when using Find, dragging tabs, and managing extensions
    · Improve stability for netflix.com and other websites that use the Silverlight plug-in
    · Address an issue that could prevent East Asian character input into webpages with Flash content
    · Address an issue that could cause History items to appear incorrectly
    · Improve printing from Safari
    · Address an issue that could prevent the Google Safe Browsing Service from updating



    What's new in Safari 5.1:

    July 20th, 2011

    New features:
    · Reading List: Easily add webpages and links to your Reading List to browse when you have time.
    · New Process Architecture: Safari has been re-engineered for improved stability and responsiveness.
    · Resume: In the General pane of Safari preferences, you can now choose to launch Safari with the windows from your last browsing session.
    · Better Privacy: A new Privacy pane in Safari preferences makes it easy to remove data that websites can leave on your system.

    Other improvements:
    · Private AutoFill: Safari lets you fill out forms quickly while keeping your personal information private.
    · Find Option: When you use Find, you can choose whether you want to search for text that contains or starts with the text that you type in the search field.
    · Drag-and-drop Downloads: You can drag items out of the Downloads window in Safari, so you can easily place downloaded files on the Desktop.
    · Advanced Web Technologies: Safari introduces support for full-screen webpages, media caching with the HTML5 application cache, MathML, Web Open Font Format, CSS3 Auto-hyphenation, CSS3 Vertical Text, CSS3 Text Emphasis, Window.onError, and Formatted XML files.
    · New Extension APIs: Developers can take advantage of new Safari Extension support for popovers, menus, new event classes, and interaction with Reader.



    What's new in Safari 5.0.6:

    July 20th, 2011

    · Stability improvements for web applications that use WebSocket with certain proxy configurations
    · Improvements to the appearance and layout of text with HTML5 ruby annotations
    · A fix for an issue that could cause elements in frames to appear in the wrong place on pandora.com and other websites



    What's new in Safari 5.0.5:

    April 15th, 2011

    WebKit:
    · Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.5 or later, Mac OS X Server v10.6.5 or later, Windows 7, Vista, XP SP2 or later
    · Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
    · Description: An integer overflow issue existed in the handling of nodesets. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.
    · CVE-ID: CVE-2011-1290 : Vincenzo Iozzo, Willem Pinckaers, and Ralf-Philipp Weinmann working with TippingPoint's Zero Day Initiative

    WebKit:
    · Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.5 or later, Mac OS X Server v10.6.5 or later, Windows 7, Vista, XP SP2 or later
    · Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
    · Description: A use after free issue existed in the handling of text nodes. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.
    · CVE-ID: CVE-2011-1344 : Vupen Security working with TippingPoint's Zero Day Initiative, and Martin Barbella



    What's new in Safari 5.0.4:

    March 9th, 2011

    · Improved stability for webpages with multiple instances of plug-in content
    · Improved compatibility with webpages with image reflections and transition effects
    · A fix for an issue that could cause some webpages to print with incorrect layouts
    · A fix for an issue that could cause content to display incorrectly on webpages with plug-ins
    · A fix for an issue that could cause a Screen Saver to appear while video is playing in Safari
    · Improved compatibility with VoiceOver on webpages with text input areas and lists with selectable items
    · Improved stability when using VoiceOver



    What's new in Safari 5.0.3:

    November 18th, 2010

    · More accurate Top Hit results in the Address Field
    · More accurate results in Top Sites
    · Fixes an issue that could cause content delivered with the Flash 10.1 plug-in to overlap webpage content
    · More reliable pop-up blocking
    · Improved stability when typing into search and text input fields on www.netflix.com and www.facebook.com
    · Improved stability when using JavaScript-intensive extensions
    · Improved stability when using VoiceOver with Safari



    What's new in Safari 4.1.3:

    November 18th, 2010

    · More accurate Top Hit results in the Address Field
    · More accurate results in Top Sites
    · Fixes an issue that could cause content delivered with the Flash 10.1 plug-in to overlap webpage content
    · More reliable pop-up blocking
    · Improved stability when typing into search and text input fields on www.netflix.com and www.facebook.com
    · Improved stability when using VoiceOver with Safari



    What's new in Safari 5.0.2:

    September 8th, 2010

    · Fixes an issue that could prevent users from submitting web forms
    · Fixes an issue that could cause web content to display incorrectly when viewing a Google Image result with Flash 10.1 installed
    · Establishes an encrypted, authenticated connection to the Safari Extensions Gallery



    What's new in Safari 4.1.2:

    September 8th, 2010

    · Fixes an issue that could prevent users from submitting web forms



    What's new in Safari 5.0.1:

    July 28th, 2010

    · More accurate Top Hit results in the Address Field
    · More accurate timing for CSS animations
    · Better stability when using the Safari Reader keyboard shortcut
    · Better stability when scrolling through MobileMe Mail
    · Fixes display of multipage articles from www.rollingstone.com in Safari Reader
    · Fixes an issue that prevented Google Wave and other websites using JavaScript encryption libraries from working correctly on 32-bit systems
    · Fixes an issue that prevented Safari from launching on Leopard systems with network home directories
    · Fixes an issue that could cause borders on YouTube thumbnails to disappear when hovering over the thumbnail image
    · Fixes an issue that could cause Flash content to overlap with other content on www.facebook.com, www.crateandbarrel.com, and other sites when using Flash 10.1
    · Fixes an issue that prevented boarding passes from www.aa.com from printing correctly
    · Fixes an issue that could cause DNS prefetching requests to overburden certain routers
    · Fixes an issue that could cause VoiceOver to misidentify elements of webpages



    What's new in Safari 5.0:

    June 8th, 2010

    This update contains new features including:
    · Safari Reader: Click on the new Reader icon to view articles on the web in a single, clutter-free page.
    · Improved Performance: Safari 5 executes JavaScript up to 25% faster than Safari 4. Better page caching and DNS prefetching speed up browsing.
    · Bing Search Option: New Bing search option for Safari's Search Field, in addition to Google and Yahoo!.
    · Improved HTML5 support: Safari supports over a dozen new HTML5 features, including Geolocation, full screen for HTML5 video, closed captions for HTML5 video, new sectioning elements (article, aside, footer, header, hgroup, nav and section), HTML5 AJAX History, EventSource, WebSocket, HTML5 draggable attribute, HTML5 forms validation, and HTML5 Ruby.
    · Safari Developer Tools: A new Timeline Panel in the Web Inspector shows how Safari interacts with a website and identifies areas for optimization. New keyboard shortcuts make it faster to switch between panels.

    Other improvements include:
    · Smarter Address Field: The Smart Address Field can now match text against the titles of webpages in History and Bookmarks, as well as any part of their URL.
    · Tabs Setting: Automatically open new webpages in tabs instead of in separate windows.
    · Hardware Acceleration for Windows: Use the power of the computer's graphics processor to smoothly display media and effects on PC as well as Mac.
    · Search History with Date: A new date indicator in Full History Search shows when webpages were viewed.
    · Top Sites/History Button: Switch easily between Top Sites and Full History Search with a new button that appears at the top of each view.
    · Private Browsing Icon: A “Private” icon appears in the Smart Address Field when Private Browsing is on. Click on the icon to turn off Private Browsing.
    · DNS Prefetching: Safari looks up the addresses of links on webpages and can load those pages faster.
    · Improved Page Caching: Safari can add additional types of webpages to the cache so they load quickly.
    · XSS Auditor: Safari can filter potentially malicious scripts used in cross-site scripting (XSS) attacks.
    · Improved JavaScript Support: Safari allows web applications that use JavaScript Object Notation (JSON) to run faster and more securely.



    What's new in Safari 4.0.5:

    March 12th, 2010

    This update is recommended for all Safari users and includes improvements to performance, stability, and security including:
    · Performance improvements for Top Sites
    · Stability improvements for 3rd-party plug-ins
    · Stability improvements for websites with online forms and Scalable Vector Graphics
    · Fixes an issue that prevented Safari from changing settings on some Linksys routers



    What's new in Safari 4.0.4:

    November 11th, 2009

    · Improved JavaScript performance
    · Improved Full History Search performance for users with a large number of history items
    · Stability improvements for 3rd-party plug-ins, the search field and Yahoo! Mail



    What's new in Safari 4.0.3:

    August 12th, 2009

    · Stability improvements for webpages that use the HTML 5 video tag.
    · Stability improvements for 3rd-party plug-ins.
    · Stability improvements for Top Sites.
    · Fixes an issue that prevented some users from logging into iWork.com
    · Fixes an issue that could cause web content to be displayed in greyscale instead of color.



    What's new in Safari 4.0.2:

    July 8th, 2009

    · Recommended for all Safari users and improves the stability of the Nitro JavaScript engine and includes the latest compatibility and security fixes.



    What's new in Safari 4.0.1:

    June 18th, 2009

    · This update addresses incompatibilities between Safari 4.0 and certain features in iPhoto '09, including Places and Facebook publishing.



    What's new in Safari 4.0:

    June 8th, 2009

    · Now, with Safari 4, you can choose your favorite sites from a stunning wall of graphical previews with Top Sites.
    · Flip through websites as easily as you flip through albums in iTunes with Cover Flow. Easily retrieve sites you've seen before with Full History Search.



    What's new in Safari 3.2.3:

    May 13th, 2009

    · libxml - Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
    · Description: A heap buffer overflow exists in libxml's handling of long entity names. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. This issue is addressed in Safari 3.2.3.
    · Safari - Impact: Accessing a maliciously crafted "feed:" URL may lead to arbitrary code execution
    · Description: Multiple input validation issues exist in Safari's handling of "feed:" URLs. Accessing a maliciously crafted "feed:" URL may lead to the execution of arbitrary JavaScript. This update addresses the issues by performing additional validation of "feed:" URLs. These issues do not affect systems prior to Mac OS X v10.5. These issues are addressed in Safari 3.2.3. Credit to Billy Rios of Microsoft Vulnerability Research (MSVR), and Alfredo Melloni for reporting these issues.
    · WebKit - Impact: Visiting a maliciously crafted website may lead to arbitrary code execution
    · Description: A memory corruption issue exists in WebKit's handling of SVGList objects. Visiting a maliciously crafted website may lead to arbitrary code execution. This update addresses the issue through improved bounds checking. This issue is addressed in Safari 3.2.3. Credit to Nils working with TippingPoint's Zero Day Initiative for reporting this issue.



    What's new in Safari 4 Beta:

    February 24th, 2009

    · Top Sites, a display of frequently visited pages in a stunning wall of previews so users can jump to their favorite sites with a single click;
    · Full History Search, where users search through titles, web addresses and the complete text of recently viewed pages to easily return to sites they've seen before;
    · Cover Flow, to make searching web history or bookmarks as fun and easy as paging through album art in iTunes(R);
    · Tabs on Top, for better tabbed browsing with easy drag-and-drop tab management tools and an intuitive button for opening new ones;
    · Smart Address Field, that automatically completes web addresses by displaying an easy-to-read list of suggestions from Top Sites, bookmarks and browsing history;
    · Smart Search Field, where users fine-tune searches with recommendations from Google Suggest or a list of recent searches;
    · Full Page Zoom, for a closer look at any website without degrading the quality of the site's layout and text;
    · Built-in web developer tools to debug, tweak and optimize a website for peak performance and compatibility.



    What's new in Safari 3.2.1:

    November 25th, 2008

    · This update includes stability improvements and is recommended for all Safari users.



    What's new in Safari 3.2:

    November 14th, 2008

    · Available for: Windows XP or Vista
    · Impact: Multiple vulnerabilities in zlib 1.2.2
    · Description: Multiple vulnerabilities exist in zlib 1.2.2, the most serious of which may lead to a denial of service. This update addresses the issues by updating to zlib 1.2.3. These issues do not affect Mac OS X systems. Credit to Robbie Joosten of bioinformatics@school, and David Gunnells of the University of Alabama at Birmingham for reporting these issues.

    · CVE-ID: CVE-2008-1767
    · Available for: Windows XP or Vista
    · Impact: Processing an XML document may lead to an unexpected application termination or arbitrary code execution
    · Description: A heap buffer overflow issue exists in the libxslt library. Viewing a maliciously crafted HTML page may lead to an unexpected application termination or arbitrary code execution. Further information on the patch applied is available via http://xmlsoft.org/XSLT/ This issue does not affect Mac OS X systems that have applied Security Update 2008-007. Credit to Anthony de Almeida Lopes of Outpost24 AB, and Chris Evans of the Google Security Team for reporting this issue.

    · CVE-ID: CVE-2008-3623
    · Available for: Windows XP or Vista
    · Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
    · Description: A heap buffer overflow exists in CoreGraphics' handling of color spaces. Viewing a maliciously crafted image may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit: Apple.

    · CVE-ID: CVE-2008-2327
    · Available for: Windows XP or Vista
    · Impact: Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution
    · Description: Multiple uninitialized memory access issues exist in libTIFF's handling of LZW-encoded TIFF images. Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through proper memory initialization and additional validation of TIFF images. This issue is addressed in systems running Mac OS X v10.5.5 or later, and in Mac OS X v10.4.11 systems that have applied Security Update 2008-006. Credit: Apple.

    · CVE-ID: CVE-2008-2332
    · Available for: Windows XP or Vista
    · Impact: Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution
    · Description: A memory corruption issue exists in ImageIO's handling of TIFF images. Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved processing of TIFF images. This issue is addressed in systems running Mac OS X v10.5.5 or later, and in Mac OS X v10.4.11 systems that have applied Security Update 2008-006. Credit to Robert Swiecki of the Google Security Team for reporting this issue.

    · CVE-ID: CVE-2008-3608
    · Available for: Windows XP or Vista
    · Impact: Viewing a large maliciously crafted JPEG image may lead to an unexpected application termination or arbitrary code execution
    · Description: A memory corruption issue exists in ImageIO's handling of embedded ICC profiles in JPEG images. Viewing a large maliciously crafted JPEG image may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved processing of ICC profiles. This issue is addressed in systems running Mac OS X v10.5.5 or later, and in Mac OS X v10.4.11 systems that have applied Security Update 2008-006. Credit: Apple.

    · CVE-ID: CVE-2008-3642
    · Available for: Windows XP or Vista
    · Impact: Viewing a maliciously crafted image may lead to an unexpected application termination or arbitrary code execution
    · Description: A buffer overflow exists in the handling of images with an embedded ICC profile. Opening a maliciously crafted image with an embedded ICC profile may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of ICC profiles in images. This issue does not affect Mac OS X systems that have applied Security Update 2008-007. Credit: Apple.

    · CVE-ID: CVE-2008-3644
    · Available for: Mac OS X v10.4.11, Mac OS X v10.5.5, Windows XP or Vista
    · Impact: Sensitive information may be disclosed to a local console user
    · Description: Disabling autocomplete on a form field may not prevent the data in the field from being stored in the browser page cache. This may lead to the disclosure of sensitive information to a local user. This update addresses the issue by properly clearing the form data. Credit to an anonymous researcher for reporting this issue.

    · CVE-ID: CVE-2008-2303
    · Available for: Mac OS X v10.4.11, Mac OS X v10.5.5, Windows XP or Vista
    · Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
    · Description: A signedness issue in Safari's handling of JavaScript array indices may result in an out-of-bounds memory access. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of JavaScript array indices. Credit to SkyLined of Google for reporting this issue.

    · CVE-ID: CVE-2008-2317
    · Available for: Mac OS X v10.4.11, Mac OS X v10.5.5, Windows XP or Vista
    · Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
    · Description: A memory corruption issue exists in WebCore's handling of style sheet elements. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved garbage collection. Credit to an anonymous researcher working with the TippingPoint Zero Day Initiative for reporting this issue.

    · CVE-ID: CVE-2008-4216
    · Available for: Mac OS X v10.4.11, Mac OS X v10.5.5, Windows XP or Vista
    · Impact: Visiting a maliciously crafted website may lead to the disclosure of sensitive information
    · Description: WebKit's plug-in interface does not block plug-ins from launching local URLs. Visiting a maliciously crafted website may allow a remote attacker to launch local files in Safari, which may lead to the disclosure of sensitive information. This update addresses the issue by restricting the types of URLs that may be launched via the plug-in interface. Credit to Billy Rios of Microsoft, and Nitesh Dhanjani of Ernst & Young for reporting this issue.



    What's new in Safari 3.1.1:

    April 17th, 2008

    · A timing issue in Safari 3.1 allows a web page to change the contents of the address bar without loading the contents of the corresponding page. This could be used to spoof the contents of a legitimate site, allowing user credentials or other information to be gathered. This issue was addressed in Safari Beta 3.0.2, but reintroduced in Safari 3.1. This update addresses the issue by restoring the address bar contents if a request for a new web page is terminated. This issue does not affect Mac OS X systems. Available for: Windows XP or Vista.
    · A memory corruption issue exists in Safari's file downloading. By enticing a user to download a file with a maliciously crafted name, an attacker may cause an unexpected application termination or arbitrary code execution. This update addresses the issue through improved handling of file downloads. This issue does not affect Mac OS X systems. Available for: Windows XP or Vista.

    · An issue exists in WebKit's handling of URLs containing a colon character in the host name. Opening a maliciously crafted URL may lead to a cross-site scripting attack. This update addresses the issue through improved handling of URLs. Credit to Robert Swiecki of Google Information Security Team and David Bloom for reporting this issue. Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.2, Mac OS X Server v10.5.2, Windows XP or Vista.
    · A heap buffer overflow exists in WebKit's handling of JavaScript regular expressions. The issue may be triggered via JavaScript when processing regular expressions with large, nested repetition counts. This may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of JavaScript regular expressions. Credit to Charlie Miller for reporting these issues. Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.2, Mac OS X Server v10.5.2, Windows XP or Vista.



    What's new in Safari 3.1:

    March 18th, 2008

    · Improves JavaScript performance
    · Adds support for CSS 3 web fonts
    · Adds support for CSS transforms and transitions
    · Adds support for HTML 5 and elements
    · Adds support for offline storage for Web applications in SQL databases
    · Adds support for SVG images in IMG elements and CSS images
    · Adds support for SVG advanced text
    · Improves Back/Forward performance
    · Supports signed Java applets
    · Shows Caps Lock icon in password fields
    · Adds support for showModalDialog
    · Localized in 16 languages
    · Adds support for International Domain Names
    · Improves handling of Japanese, Chinese, and Korean text
    · Contextual menu now allows opening a link in a window or tab
    · Improves pop-up blocking to work with plug-ins
    · Increases site compatibility
    · Improves application stability
    · Adds option in Safari preferences to turn on the new Develop menu which contains various web development features
    · Allows access to Web Inspector
    · Allows access to Network Timeline
    · Allows editing CSS in the Web Inspector
    · Allows custom user agent string
    · Improves snippet editor
    · Double clicking on the Tab Bar opens new tab
    · Includes URL metadata when images are dragged or saved from browser
    · Opens Download and Activity window in current Space
    · Supports trackpad gestures for back, forward, and magnify on MacBook Air and compatible MacBook Pro computers



