New browser time — and unfortunately, time to restart your Mac. Safari has been updated (for 10.4, 10.5 and 10.6 on the Mac side, and Windows XP/Vista/7 on the Win side); it includes the improvements noted:

• Performance improvements for Top Sites
• Stability improvements in opposition to plug-ins, and for sites with SVG graphics and online forms
• Fixes issues affecting settings changes to some Linksys routers and iWork.com user comments

There are also a slew of security fixes in this update; full like is in the continuation of this express, via the Apple Product Security mailing list.

The update weighs in at 31.8 MB in continuance my Snow Leopard install, but your download bigness may vary. You can get it in Software Update or via the Safari download page.

Safari 4.0.5 is after this employ and addresses the following: ColorSync CVE-ID: CVE-2010-0040 Available for: Windows 7, Vista, XP Impact: Viewing a maliciously crafted fancy with an embedded color contour may lead to an unexpected application termination or arbitrary code execution Description: An whole number overflow, that could result in a heap buffer overflow, exists in the handling of images through an embedded color profile. Opening a maliciously crafted image with an embedded color profile may guidance to an unexpected application bound or arbitrary code completion. The issue is addressed by performing additional validation of color profiles. This issue does not act upon Mac OS X systems. Credit to Sebastien Renaud of VUPEN Vulnerability Research Team with respect to reporting this issue.
ImageIO CVE-ID: CVE-2009-2285 Available for: Windows 7, Vista, XP Impact: Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution Description: A duffer underflow exists in ImageIO’s handling of TIFF images. Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or peremptory code effect. This upshot is addressed through improved bounds checking. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.2. For Mac OS X v10.5 systems, this egress is addressed in Security Update 2010-001.
ImageIO CVE-ID: CVE-2010-0041 Available for: Windows 7, Vista, XP Impact: Visiting a maliciously crafted website may result in sending data from Safari’s memory to the website Description: An uninitialized celebrity access exit exists in ImageIO’s handling of BMP images. Visiting a maliciously crafted website may product in sending data from Safari’s memory to the website. This issue is addressed through improved memory handling and additional validation of BMP images. Credit to Matthew ‘j00ru’ Jurczyk of Hispasec for reporting this issue.
ImageIO CVE-ID: CVE-2010-0042 Available for: Windows 7, Vista, XP Impact: Visiting a maliciously crafted website may result in sending data from Safari’s memory to the website Description: An uninitialized memory access issue exists in ImageIO’s handling of TIFF images. Visiting a maliciously crafted website may result in sending data from Safari’s remembrance to the website. This termination is addressed through improved memory handling and additional validation of TIFF images. Credit to Matthew ‘j00ru’ Jurczyk of Hispasec for reporting this issue.
ImageIO CVE-ID: CVE-2010-0043 Available for: Windows 7, Vista, XP Impact: Processing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue exists in the handling of TIFF images. Processing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary digest execution. This issue is addressed through improved memorial handling. Credit to Gus Mueller of Flying Meat for reporting this issue.
PubSub CVE-ID: CVE-2010-0044 Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.1 or later, Mac OS X Server v10.6.1 or later, Windows 7, Vista, XP Impact: Visiting or updating a supply with material may result in a cookie being set, even if Safari is configured to block cookies Description: An implementation issue exists in the handling of cookies set by RSS and Atom feeds. Visiting or updating a feed may result in a cookie being set, even if Safari is configured to block cookies via the “Accept Cookies” preference. This update courtship the upshot by means of respecting the preference while updating or viewing feeds.
Safari CVE-ID: CVE-2010-0045 Available for: Windows 7, Vista, XP Impact: Visiting a maliciously crafted website may be the commander to arbitrary code execution Description: An issue in Safari’s handling of external URL schemes may account a local toothed to be opened in response to a URL encountered on a web boy-servant. Visiting a maliciously crafted website may lead to arbitrary code execution. This update addresses the issue from one verge improved validation of foreign URLs. This issue does not affect Mac OS X systems. Credit to Billy Rios and Microsoft Vulnerability Research (MSVR) for reporting this issue.
WebKit CVE-ID: CVE-2010-0046 Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.1 or later, Mac OS X Server v10.6.1 or later, Windows 7, Vista, XP Impact: Visiting a maliciously crafted website may contribute to an unexpected application conclusion or determined by no rule or principle collection of laws execution Description: A memorial corruption issue exists in WebKit’s handling of CSS format() arguments. Visiting a maliciously crafted website may lead to an abrupt application termination or arbitrary code execution. This issue is addressed through improved handling of CSS format() arguments. Credit to Robert Swiecki of Google Inc. for reporting this issue.
WebKit CVE-ID: CVE-2010-0047 Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.1 or later, Mac OS X Server v10.6.1 or later, Windows 7, Vista, XP Impact: Visiting a maliciously crafted website may lead to an unexpected thing applied issue or arbitrary digest execution Description: A use-after-free issue exists in the handling of HTML aim element fallback content. Visiting a maliciously crafted website may lead to some unexpected application termination or arbitrary code performance. This issue is addressed through improved memory intimation tracking. Credit to wushi of team509, working with TippingPoint’s Zero Day Initiative for reporting this issue.
WebKit CVE-ID: CVE-2010-0048 Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.1 or later, Mac OS X Server v10.6.1 or later, Windows 7, Vista, XP Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary digest execution Description: A use-after-free issue exists in WebKit’s parsing of XML documents. Visiting a maliciously crafted website may be in advance of to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory allusion tracking.
Webkit CVE-ID: CVE-2010-0049 Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.1 or later, Mac OS X Server v10.6.1 or later, Windows 7, Vista, XP Impact: Visiting a maliciously crafted website may lead to an unlooked for application termination or overbearing code execution Description: A use-after-free issue exists in the handling of HTML elements containing right-to-left displayed text. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This amount issued is addressed through improved memory reference tracking. Credit to wushi&Z of team509 for reporting this issue.
WebKit CVE-ID: CVE-2010-0050 Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.1 or later, Mac OS X Server v10.6.1 or later, Windows 7, Vista, XP Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: A use-after-free issue exists in WebKit’s handling of incorrectly nested HTML tags. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code effect. This issue is addressed through improved memory reference tracking. Credit to wushi&Z of team509 working with TippingPoint’s Zero Day Initiative for reporting this issue.
WebKit CVE-ID: CVE-2010-0051 Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.1 or later, Mac OS X Server v10.6.1 or later, Windows 7, Vista, XP Impact: Visiting a maliciously crafted website may lead to the disclosure of sensitive information Description: An implementation issue exists in WebKit’s handling of cross-origin stylesheet requests. Visiting a maliciously crafted website may disclose the make contented of protected resources on another website. This update addresses the issue by performing additional validation on stylesheets that are loaded during a cross-origin request.
WebKit CVE-ID: CVE-2010-0052 Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.1 or later, Mac OS X Server v10.6.1 or later, Windows 7, Vista, XP Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary digest execution Description: A use-after-free issue exists in WebKit’sitting handling of callbacks for HTML elements. Visiting a maliciously crafted website may lead to any unexpected application termination or arbitrary code execution. This issue is addressed through improved memory reference tracking. Credit: Apple.
WebKit CVE-ID: CVE-2010-0053 Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.1 or later, Mac OS X Server v10.6.1 or later, Windows 7, Vista, XP Impact: Visiting a maliciously crafted website may lead to each unexpected application termination or arbitrary code execution Description: A use-after-free issue exists in the rendering of content with a CSS parade property set to ‘run-in’. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory respect tracking. Credit to wushi of team509, working with TippingPoint’s Zero Day Initiative despite reporting this issue.
WebKit CVE-ID: CVE-2010-0054 Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.1 or later, Mac OS X Server v10.6.1 or later, Windows 7, Vista, XP Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: A use-after-free issue exists in WebKit’s handling of HTML image elements. Visiting a maliciously crafted website may lead to an unexpected application extent or arbitrary code execution. This issue is addressed through improved memory reference tracking. Credit: Apple.