Security Protection - Harry Waldron (CS)

Security Best Practices, Breaking News, & Updates

Apple Safari 3.1.1 for Windows - Critical Security Release

Apple has just released critical security updates for the Windows version of Safari. Anyone using this complementary browser in the Windows environment should apply them promptly.

http://secunia.com/advisories/29846/
http://support.apple.com/kb/HT1467
http://www.apple.com/downloads/


Windows XP or Vista Safari -- CVE-ID: CVE-2007-2398

Impact: A maliciously crafted website may control the contents of the address bar

Description: A timing issue in Safari 3.1 allows a web page to change the contents of the address bar without loading the contents of the corresponding page. This could be used to spoof the contents of a legitimate site, allowing user credentials or other information to be gathered. This issue was addressed in Safari Beta 3.0.2, but reintroduced in Safari 3.1. This update addresses the issue by restoring the address bar contents if a request for a new web page is terminated. This issue does not affect Mac OS X systems.
 

Windows XP or Vista Safari -- CVE-ID: CVE-2008-1024

Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

Description: A memory corruption issue exists in Safari's file downloading. By enticing a user to download a file with a maliciously crafted name, an attacker may cause an unexpected application termination or arbitrary code execution. This update addresses the issue through improved handling of file downloads. This issue does not affect Mac OS X systems.