Safari 6.0
以下のセキュリティ上の問題も修正
- A cross-site scripting issue existed in the handling of feed:// URLs. This update removes handling of feed:// URLs.
- An access control issue existed in the handling of feed:// URLs. This update removes handling of feed:// URLs.
- Password input elements with the autocomplete attribute set to "off" were being autocompleted.
- An issue existed in Safari's support for the 'attachment' value for the HTTP Content-Disposition header.
- Multiple memory corruption issues existed in WebKit.
- A cross-origin issue existed in the handling of drag and drop events.
- An access control issue existed in the handling of drag and drop events.
- A cross-origin issue existed in the handling of CSS property values.
- A cross-origin issue existed in the handling of iframes in popup windows.
- A cross-origin issue existed in the handling of iframes and fragment identifiers.
- The International Domain Name (IDN) support and Unicode fonts embedded in Safari could have been used to create a URL which contains look-alike characters.
- An information disclosure issue existed in the handling of dragged files.
- A canonicalization issue existed in the handling of URLs.
- An HTTP header injection issue existed in the handling of WebSockets.
- A state management issue existed in the handling of session history.
- n access control issue existed in the handling of file URLs.
- An uninitialized memory access issue existed in the handling of SVG images.