以下のセキュリティ上の問題も修正

• A cross-site scripting issue existed in the handling of feed:// URLs. This update removes handling of feed:// URLs.
• An access control issue existed in the handling of feed:// URLs. This update removes handling of feed:// URLs.
• Password input elements with the autocomplete attribute set to "off" were being autocompleted.
• An issue existed in Safari's support for the 'attachment' value for the HTTP Content-Disposition header.
• Multiple memory corruption issues existed in WebKit.
• A cross-origin issue existed in the handling of drag and drop events.
• An access control issue existed in the handling of drag and drop events.
• A cross-origin issue existed in the handling of CSS property values.
• A cross-origin issue existed in the handling of iframes in popup windows.
• A cross-origin issue existed in the handling of iframes and fragment identifiers.
• The International Domain Name (IDN) support and Unicode fonts embedded in Safari could have been used to create a URL which contains look-alike characters.
• An information disclosure issue existed in the handling of dragged files.
• A canonicalization issue existed in the handling of URLs.
• An HTTP header injection issue existed in the handling of WebSockets.
• A state management issue existed in the handling of session history.
• n access control issue existed in the handling of file URLs.
• An uninitialized memory access issue existed in the handling of SVG images.

OS X 10.7.4 Lion用のみ（OS X 10.8 Mountain Lionは同梱）

http://support.apple.com/kb/HT5400