A mail from Apple just popped into my inbox announcing the release of Safari 3.0.1 Beta for Windows fixing these vulnerabilities:
CVE-ID: CVE-2007-3186
Available for: Windows XP or Vista
Impact: Visiting a malicious website may lead to arbitrary code
execution
Description: A command injection vulnerability exists in the Windows
version of Safari 3 Public Beta. By enticing a user to visit a
maliciously crafted web page, an attacker can trigger the issue which
may lead to arbitrary code execution. This update addresses the
issue by performing additional processing and validation of URLs.
This does not pose a security issue on Mac OS X systems, but could
lead to an unexpected termination of the Safari browser.
CVE-ID: CVE-2007-3185
Available for: Windows XP or Vista
Impact: Visiting a malicious website may lead to an unexpected
application termination or arbitrary code execution
Description: An out-of-bounds memory read issue in Safari 3 Public
Beta for Windows may lead to an unexpected application termination or
arbitrary code execution when visiting a malicious website. This
issue does not affect Mac OS X systems.
CVE-ID: CVE-2007-2391
Available for: Windows XP or Vista
Impact: Visiting a malicious website may allow cross-site scripting
Description: A race condition in Safari 3 Public Beta for Windows
may allow cross site scripting. Visiting a maliciously crafted web
page may allow access to JavaScript objects or the execution of
arbitrary JavaScript in the context of another web page. This issue
does not affect Mac OS X systems.
CVE-ID: CVE-2007-3186
Available for: Windows XP or Vista
Impact: Visiting a malicious website may lead to arbitrary code
execution
Description: A command injection vulnerability exists in the Windows
version of Safari 3 Public Beta. By enticing a user to visit a
maliciously crafted web page, an attacker can trigger the issue which
may lead to arbitrary code execution. This update addresses the
issue by performing additional processing and validation of URLs.
This does not pose a security issue on Mac OS X systems, but could
lead to an unexpected termination of the Safari browser.
CVE-ID: CVE-2007-3185
Available for: Windows XP or Vista
Impact: Visiting a malicious website may lead to an unexpected
application termination or arbitrary code execution
Description: An out-of-bounds memory read issue in Safari 3 Public
Beta for Windows may lead to an unexpected application termination or
arbitrary code execution when visiting a malicious website. This
issue does not affect Mac OS X systems.
CVE-ID: CVE-2007-2391
Available for: Windows XP or Vista
Impact: Visiting a malicious website may allow cross-site scripting
Description: A race condition in Safari 3 Public Beta for Windows
may allow cross site scripting. Visiting a maliciously crafted web
page may allow access to JavaScript objects or the execution of
arbitrary JavaScript in the context of another web page. This issue
does not affect Mac OS X systems.
