CVE-2009-0162

Name of the Vulnerable Software and Affected Versions Safari versions prior to 3.2.3 Safari version 4 Public Beta

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via a crafted feed: URL. This affects Safari on Apple Mac OS X 10.5 before 10.5.7 and Windows.

Recommendations For Safari versions prior to 3.2.3, update to version 3.2.3 or later. For Safari version 4 Public Beta, avoid using the feed: URL feature until a patch is available. As a temporary workaround, consider disabling JavaScript in Safari to minimize the risk of exploitation.