Apple today released Safari Beta 3.0.3 which is recommended for all users and improves its security and stability.
Safari 3 Beta Update 3.0.3 security content:
• Safari
CVE-ID: CVE-2007-3743
Available for: Windows XP or Vista
Impact: Adding bookmarks may lead to an unexpected application termination or arbitrary code execution
Description: A stack buffer overflow vulnerability exists in Safari’s bookmark handling. By enticing a user to add a bookmark with an overlong title, an attacker may trigger the issue which may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing proper bounds checking. This issue does not affect Mac OS X systems.
• WebKit
CVE-ID: CVE-2007-2408
Available for: Mac OS X v10.4.9 or later, Windows XP or Vista
Impact: Visiting a malicious website may allow Java applets to load and run even when Java is disabled
Description: Safari provides an “Enable Java” preference, which when unchecked should prevent the loading of Java applets. By default, Java applets are allowed to be loaded. Navigating to a maliciously crafted web page may allow a Java applet to be loaded without checking the preference. This update addresses the issue through a stricter check of the “Enable Java” preference. Credit to Scott Wilde for reporting this issue.
• WebKit
CVE-ID: CVE-2007-3742
Available for: Mac OS X v10.4.9 or later, Windows XP or Vista
Impact: Look-alike characters in a URL could be used to masquerade a website
Description: The International Domain Name (IDN) support and Unicode fonts embedded in Safari could be used to create a URL which contains look-alike characters. These could be used in a malicious web site to direct the user to a spoofed site that visually appears to be a legitimate domain. This update addresses the issue by through an improved domain name validity check.
• WebKit
CVE-ID: CVE-2007-3944
Available for: Mac OS X v10.4.9 or later, Windows XP or Vista
Impact: Viewing a maliciously crafted web page may lead to arbitrary code execution
Description: Heap buffer overflows exist in the Perl Compatible Regular Expressions (PCRE) library used by the JavaScript engine in Safari. By enticing a user to visit a maliciously crafted web page, an attacker may trigger the issue, which may lead to arbitrary code execution. This update addresses the issue by performing additional validation of JavaScript regular expressions. Credit to Charlie Miller and Jake Honoroff of Independent Security Evaluators for reporting these issues.
Safari Beta Update 3.0.3 is available via Software Update.
[Thanks to MacDailyNews Reader “Fred Mertz” for the heads up.]
I’m feeling seriously dissed… lol
Haven’t had the courage to try out this beta yet. I’m curious to know how it’s working for those of you braver than I. I’d be using it on a 14″ G4 iBook. Thanks for any info.
Its amazing how fast Apple does updates compared to Microcrap…..
DavidO… I’m running it now on a lampstand iMac, seems stable enough, MDN loads faster. CNN and FoxNews load about the same.
The Safari Beta works well for me, DavidO. Installed it on a 2.0 GHz Core Duo MacBook. However, I get the spinning beachball if I let the app sit open for a very long while (>1d uptime).
Safari beta has been pretty good, not sure why but lately it has been acting a bit wonky, w/ the update it seems much better/snappier. Not sure if the 2.0 versions had it.. but there are some nice right click features with the tab bar like “New Tab” “Reload All Tabs” “Add Bookmarks For These (x#of) Tabs”, etc.
I’ve been using Safari 3.02 beta for a few weeks now and LOVE IT! The options to save a bookmark for multiple tabs and the option to reopen all windows/tabs from the previous session are great additions. So far, it’s been pretty stable. My only recurring problem is sometimes having problems typing an address into the URL line. It will occasionally be very slow and hesitate several seconds for each character typed. No problems entering in the Google bar or using bookmarks though when the URL problem occurs.
PS: I’m using a G5 iMac with OS 10.4.10.
safari now seem a lot slower.
Been running the beta on an intel iMac since the day it was released. Love it. No real issues encountered, and I like the “you have text on this page that is not saved” deal, usually related to leaving comments or editing stuff with google. great feature.
the updated “find” in the pages is by far the best feature, I’d risk the beta just for that. they give you an uninstaller to revert with the main installer, so take the plunge.
Safari Beta hustles for me on my 800MHz G4 iMac.
What I’m still ticked off about is that Apple hasn’t updated the graphics to match the Windows version.
… and don’t tell me they will update in Leopard. If 3rd party developers can change the graphics of Safari, then so can Apple.
My one and only issue with Safari 3 is that it modifies Webkit in such a way that websites I made in Freeway don’t properly display slave images anymore: not in Safari, not in Shiira. My other machine still runs Safari 2 and there everything is just fine.
Safari stills exists?
People actually use it?
What has the world come to-first rate OS and hardware, third rate browser 🙁
Safari is by a long way the nicest rendering browser out there – crisp and clean.
Oh, and the fastest too.
@nekogami13
Oh, very funny – not … did you manage to think that up all by yourself, how is the life of a eleven year old these days?
As a long time Safari user and soon to be updated to the 3.0.3. beta – For me Safari 3 is excellent. You can keep your IE, Firefox and others as they are IMHO not up to it, and they all sit on my dock updated, but rarely used.