Apple today released Safari 3.1.1 which is the fastest and easiest-to-use web browser for Macs and Windows PCs. Safari 3 introduces new features to help you find your way and enjoy your time on the web.
Arrange your tabbed windows with just a drag and drop. Instantly and graphically locate any text on the current web page with the new find command. Easily find webpages you have visited with full history search that remembers the text content of sites.
About the security content of Safari 3.1.1:
• Safari
CVE-ID: CVE-2007-2398
Available for: Windows XP or Vista
Impact: A maliciously crafted website may control the contents of the address bar
Description: A timing issue in Safari 3.1 allows a web page to change the contents of the address bar without loading the contents of the corresponding page. This could be used to spoof the contents of a legitimate site, allowing user credentials or other information to be gathered. This issue was addressed in Safari Beta 3.0.2, but reintroduced in Safari 3.1. This update addresses the issue by restoring the address bar contents if a request for a new web page is terminated. This issue does not affect Mac OS X systems.
• Safari
CVE-ID: CVE-2008-1024
Available for: Windows XP or Vista
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in Safari’s file downloading. By enticing a user to download a file with a maliciously crafted name, an attacker may cause an unexpected application termination or arbitrary code execution. This update addresses the issue through improved handling of file downloads. This issue does not affect Mac OS X systems.
• WebKit
CVE-ID: CVE-2008-1025
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.2, Mac OS X Server v10.5.2, Windows XP or Vista
Impact: Visiting a malicious website may result in cross-site scripting
Description: An issue exists in WebKi’s handling of URLs containing a colon character in the host name. Opening a maliciously crafted URL may lead to a cross-site scripting attack. This update addresses the issue through improved handling of URLs. Credit to Robert Swiecki of Google Information Security Team and David Bloom for reporting this issue.
• WebKit
CVE-ID: CVE-2008-1026
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.2, Mac OS X Server v10.5.2, Windows XP or Vista
Impact: Viewing a maliciously crafted web page may lead to an unexpected application termination or arbitrary code execution
Description: A heap buffer overflow exists in WebKit’s handling of JavaScript regular expressions. The issue may be triggered via JavaScript when processing regular expressions with large, nested repetition counts. This may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of JavaScript regular expressions. Credit to Charlie Miller for reporting these issues. MacDailyNews Note: Please see related article: Mac hacked in security contest via undisclosed Safari vulnerability – March 28, 2008
System Requirements:
• Mac OS X 10.4.11
• Mac OS X 10.5.2
• Windows XP
• WIndows Vista
Safari 3.1.1 is available via Software Update and also as a standalone installer
More info and download link here.
MacDailyNews Note: 17,000!
@AJKphotography
Did you notice that Safari gets a 74 on the Acid3 test the first time it is loaded, and then, upon reloading, a 75?
When webkit was announced to have a 100 on the test, I download the webkit nightly build and found that it got a 99 the first try and then 100 upon reloading.
I wonder if there is some weird bug there? Also wondering when the most recent webkit will get into the Mac?
@Bud Why+Zer
Yes I noticed that. It’s something I always found when I kept updating WebKit to try the test.
It’s a known issue.
Happy xvMM Day.
Well, I don’t notice anything different. But that’s a good thing…
Woah woah woah .. a restart for a web browser? Come on Apple stop tying safari into the OS.
What a bunch of WHINERS on this thread!!
Safari is SIMPLY the best browser out there.
GO APPLE!
Acid3
94/100
Just did a side by side test of Safari and Firefox beta running MLB TV (Padres vs Rockies tonight)
I ran both the browsers on each of the three settings allowed, but at the same time side by side. With pleanty of bandwidth to spare. In other words, I watched two video streams of the same exact live event, on three different settings. (400, 800, 1.2)
Safari’s video quality was OBVIOUSLY better. Not just a little better, but far and above better. The firefox video was pixilated and the colors blured.
Safari won this one hands down.
“Safari’s video quality was OBVIOUSLY better. Not just a little better, but far and above better. The firefox video was pixilated and the colors blured.”
I’ve noticed that YouTube video is better with Safari. The frame rate seems higher. Firefox looks slightly jerky. Even the latest build. I find it nearly unwatchable, if you are used to Safari.
(My computer is a 1.5MHz G4)
“We can pay you 2000 now plus 15 when he reach Alderaan.”
I’m surprised they didn’t put in the latest nightly builds. Those guys are doing excellent work on Webkit.
well, it’s only about .1 percent snappier… but still the snappiest
@JDavidson,
“(My computer is a 1.5MHz G4)”
So, you have a fourth generation Apple ][?
Jamie,
“…have you tried the free CyberDuck?
Or if you aren’t too strapped for cash, you could purchase a copy of the excellent Transmit for $29.95.”
I already have Transmit. I like it, but my concern is for my clients uploading files to my ftp site. If they have Explorer, it’s a simple, no brainer.
I just don’t have the time to educate recent Mac converts on the variables of ftp client software.
I’ve had several say they absolutely will not use free software (gun shy from M$ experiences?) and if they can’t access the ftp though the browser to upload, then they’ll just send a disk. What a pain in the ass for me! Now I have to wait for the USPS to deliver to my business and hope the disk isn’t damaged or lost.
Browser compatibility for both upload and download would be much nicer.
I still haven’t been able to download the Tiger version of Safari yet. It just holds there for hours after I hit the download button. I’ve tried the reload button, going back a few screens and then coming back, Quitting Safari and going back, accessing the download site through the main Apple page, through the support web site and even through VersionTracker, all with the same negative results. Has any other Tiger user experienced the same problems?
“…Has any other Tiger user experienced the same problems?”
Mine updated without any problems via Software Update.
Try software update with a different browser open. I was using FireFox at the time I updated.