A weakness and multiple vulnerabilities have been reported in Apple Safari, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, disclose potentially sensitive information, and compromise a user's system.

1) An input sanitation error within the handling of "safari-extension://" URLs can be exploited to e.g. execute arbitrary JavaScript code within the context of installed Safari extensions and disclose local files via directory traversal attacks.

2) A policy error within the handling of "file://" URLs can be exploited to execute arbitrary local applications.

Note: This vulnerability does not affect the Windows platform.

3) An error within the handling of SSL certificates can be exploited to trigger an access of uninitialised memory and potentially execute arbitrary code.

Note: This vulnerability does not affect OS X Lion or the Windows platform.

4) Multiple vulnerabilities in WebKit can be exploited by malicious people to cause a crash or compromise a user's system.

For more information:
SA44375
SA45097
SA45498
SA46049
SA46171
SA46339

5) An error exists within the handling of the beforeload event.

For more information see vulnerability #22 in:
SA45498

6) An error exists within the handling of the window.open method.

For more information see vulnerability #28 in:
SA45498

7) An error exists within the handling of the document.documentURI property.

For more information see vulnerability #29 in:
SA45498

8) A cross-origin error exists within the handling of inactive DOM windows, which can be exploited to conduct cross-site scripting attacks.

9) A logic error within the handling of cookies in the Private Browsing mode can lead to cookies being stored although the "Block cookies" option is set to "Always".

Note: This does not affect the Windows platform.

Solution
Update to version 5.1.1.

Provided and/or discovered by
1, 2) Aaron Sigel

The vendor credits:
3) Jason Broccardo, Fermi National Accelerator Laboratory
8) Sergey Glazunov
9) John Adamczyk

The vendor provides a bundled list of credits for vulnerabilities in #4:
* Jose A. Vazquez, spa-s3c.blogspot.com
* Abhishek Arya (Inferno), Google Chrome Security Team
* Cris Neckar, Google Chrome Security Team
* miaubiz
* Adam Barth and Abhishek Arya, Google Chrome Security Team
* Mikolaj Malecki, Samsung
* SkyLined, Google Chrome Security Team
* Martin Barbella
* Raman Tenneti and Philip Rogers, Google
* Aki Helin, OUSPG
* Sadrul Habib Chowdhury, Chromium development community
* Dimitri Glazkov, Kent Tamura, and Dominic Cooney, Chromium development community
* Slawomir Blazek
* Apple

Original Advisory
Apple:
http://support.apple.com/kb/HT5000

Aaron Sigel:
http://vttynotes.blogspot.com/2011/10/cve-2011-3230-launch-any-file-path-from.html
http://vttynotes.blogspot.com/2011/10/cve-2011-3229-steal-files-and-inject-js.html

Other references
Further details available to Secunia VIM customers

Deep Links
Links available to Secunia VIM customers