Jonathan Rockway

**Name of the Vulnerable Software and Affected Versions** Apple Safari (affected versions not specified) **Description** The issue allows remote attackers to cause a denial of service, resulting in an application crash, by utilizing a crafted data:// URL. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Apple Safari version 1.2.4 **Description** The issue allows remote attackers to inject arbitrary web script or HTML and perform cross-site scripting (XSS) attacks because it does not obey the Content-type field in the HTTP header and renders text as HTML. **Recommendations** For Apple Safari version 1.2.4, update to a version that properly handles the Content-type field in the HTTP header to prevent cross-site scripting attacks.