WebKit in Apple Safari before 4.0.5 does not properly validate the cross-origin loading of stylesheets, which allows remote attackers to obtain sensitive information via a crafted HTML document. NOTE: this might overlap CVE-2010-0651. Per: http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html
'WebKit
CVE-ID: CVE-2010-0051
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.1 or later, Mac OS X Server v10.6.1 or later,
Windows 7, Vista, XP
Impact: Visiting a maliciously crafted website may lead to the
disclosure of sensitive information
Description: An implementation issue exists in WebKit's handling of
cross-origin stylesheet requests. Visiting a maliciously crafted
website may disclose the content of protected resources on another
website. This update addresses the issue by performing additional
validation on stylesheets that are loaded during a cross-origin
request.' Per: http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html
'Safari 4.0.5 is available via the Apple Software Update application,
or Apple's Safari download site at:
http://www.apple.com/safari/download/'
Publication date: Mon, 15 Mar 2010 19:15:00 +0000