Some vulnerabilities have been reported in Apple Safari, which can be exploited by malicious people to bypass certain security restrictions, disclose sensitive information, or compromise a user's system.

1) An integer overflow error when processing ColorSync profiles embedded in images can be exploited to potentially execute arbitrary code.

For more information see vulnerability #4 in:
SA36701

2) An error exists when handling an "Open Image in New Tab", "Open Image in New Window", or "Open Link in New Tab" shortcut menu action performed on a link to a local file. This can be exploited to load a local HTML file and disclose sensitive information by tricking a user into performing the affected actions within a specially crafted webpage.

3) An error exists in WebKit when sending "preflight" requests originating from a page in a different origin. This can be exploited to facilitate cross-site request forgery attacks by injecting custom HTTP headers.

4) Multiple errors in WebKit when handling FTP directory listings on Windows can be exploited to disclose sensitive information, cause a crash, or potentially execute arbitrary code.

5) An error in WebKit when handling an HTML 5 Media Element on Mac OS X can be exploited to bypass remote image loading restrictions via e.g. HTML-formatted emails.

NOTE: Some errors leading to crashes, caused by the included libxml2 library, have also been reported.

Solution
Update to version 4.0.4.

Provided and/or discovered by
1-3, 5) Reported by the vendor.
4) The vendor credits Michal Zalewski of Google Inc.

Original Advisory
http://support.apple.com/kb/HT3949

Other references
Further details available to Secunia VIM customers

Deep Links
Links available to Secunia VIM customers