Apple · Macos X · CVE-2009-0162
**Name of the Vulnerable Software and Affected Versions**
Safari versions prior to 3.2.3
Safari version 4 Public Beta
**Description**
A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via a crafted feed: URL. This affects Safari on Apple Mac OS X 10.5 before 10.5.7 and Windows.
**Recommendations**
For Safari versions prior to 3.2.3, update to version 3.2.3 or later.
For Safari version 4 Public Beta, avoid using the feed: URL feature until a patch is available.
As a temporary workaround, consider disabling JavaScript in Safari to minimize the risk of exploitation.