Hallo zusammen

Gemäss Apple Presserelease wurde heute Safari 5 releast...

Leider hat der Downloadserver von Apple noch nichts davon mitbekommen, dass dem so ist

Aber hier ein Link zur Pressemeldung.

Ich denke mal, dass die Jungs von der PR mal wieder schneller waren als die Administratoren.

Und ja... An alle die normalerweise jammern, dass der Rechner mal wieder neu gestartet werden muss... Auch dieses mal wird es nicht anders sein.

Aah - Extensions...

Ups... Nun ist diese Pressemeldung plötzlich wieder weg.

Hier noch ein anderer Link zu Engadget , welche die Pressemeldung auch gesehen haben.

developer *only* - pressrelease zurück gezogen ...

ICH MUSS NEU STARTÄÄÄÄÄÄÄN!


WÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄH!!!!!!!!!

trotzdem sind die Features offiziell.

Quelle?

Und jetzt geht es auch zu laden!

oh gut

Juhuu! Safari 5

Wist Du ja jetzt schon gesehen haben:

Dieses Update enthält neue Funktionen, einschließlich:

Safari-Reader: Klicken Sie auf das neue Reader-Symbol, um Artikel im Web in einer übersichtlichen Seitendarstellung anzuzeigen.
Verbesserte Leistung: Safari 5 führt JavaScript bis zu 25 % schneller aus als Safari 4. Verbesserte Cache-Speicherung von Webseiten und DNS-Prefetching ermöglichen schnelleres Surfen.
Suchoption „Bing“: Neben Google und Yahoo! ist Bing als Option für das Suchfeld in Safari verfügbar.
Verbesserte Unterstützung für HTML5: Safari unterstützt über ein Dutzend neue HTML5-Funktionen, einschließlich Geolocation, Vollbildmodus für HTML5-Video, erweiterte Untertitel für HTML5-Video, neue strukturierende Elemente (article, aside, footer, header, hgroup, nav und section), HTML5 AJAX-Verlauf, EventSource, WebSocket, HTML5-Attribut „draggable“, HTML5-Formularvalidierung und HTML5 Ruby.
Safari-Entwicklerwerkzeuge: Im neuen Timeline-Bereich der Webinformationen werden die Interaktion von Safari mit Websites und die zu optimierenden Bereiche angezeigt. Neue Tastaturkurzbefehle ermöglichen einen schnelleren Wechsel zwischen Bereichen.
Weitere Verbesserungen sind u. a.:

Intelligentes Adressfeld: Das intelligente Adressfeld findet nun Übereinstimmungen zwischen Ihrer Eingabe und den Webseitentiteln im Verlauf und den Lesezeichen sowie beliebigen Teilen der URLs.
Einstellung „Tabs“: Neue Webseiten werden automatisch in Tabs anstatt in separaten Fenstern geöffnet.
Hardwarebeschleunigung für Windows: Nutzen Sie die Leistung Ihres Grafikprozessors, um Medien und Effekte auf dem PC oder Mac flüssig darzustellen.
Suchverlauf mit Datum: Die neue Datumsanzeige in der Verlaufssuche zeigt an, wann Webseiten besucht wurden.
Taste für Top Sites/Verlauf: Mit der neuen Taste, die in jeder Darstellung oben angezeigt wird, können Sie schnell zwischen Top Sites und der Verlaufssuche wechseln.
Symbol für privates Surfen: Wenn „Privates Surfen“ aktiviert ist, wird ein Symbol für „Privat“ im intelligenten Adressfeld angezeigt. Klicken Sie auf das Symbol, um „Privates Surfen“ zu deaktivieren.
DNS-Prefetching: Safari sucht auf Webseiten die Adressen von Links und kann diese Seiten somit schneller laden.
Verbesserte Cache-Speicherung von Webseiten: Safari kann zusätzliche Webseitentypen zum Cache hinzufügen, sodass die Webseiten schnell geladen werden.
XSS Auditor: Safari kann potenziell nicht vertrauenswürdige Skripts, die bei Cross-Site-Scripting-Angriffen (XSS) verwendet werden, filtern.
Sicherheit von Webprogrammen, die JavaScript Object Notation (JSON) verwenden, verbessert.
Weitere Informationen zu Fehlerbehebungen, die die Leistung, Stabilität und Kompatibilität verbessern, erhalten Sie unter: http://support.apple.com/kb/HT4134?viewlocale=de_DE

Informationen zu den Sicherheitsupdates erhalten Sie unter: http://support.apple.com/kb/HT1222?viewlocale=de_DE

Die Reader Funktion ist toll und die Vervollständigung ist auch super aber jetzt ab ins Bett gute Nacht

ich bin entsetzt!! hat etwa noch niemand die rückkehr des ladebaldens in die adresszeile bemerkt? oder hab ich was verpasst.
falls net, dann yeah, ladebalken wieder in der adresszeile. apple kann also doch ab und an auf die wünsche seiner älteren user eingehen.

Nach welchem Muster erscheint denn der Reader-Button?
Bei einigen Seiten ist er da, auf Unterseiten wiederum nicht.

Denke 10.6.4 wird dann entweder heute oder zum Wochenende erscheinen.

Hätte eigentlich gehofft das die Tabs wieder oben sind. Und eine kombinierte Adress/Suchleiste wäre ebenfalls gut gewesen.

Alles in allem kann ich nicht wirklich nachvollziehen warum gleich ein Sprung auf die 5.0 gemacht wurde

Man kann auch endlich –immer– neue Fenster in neuen Tabs öffnen lassen.
Das ging zwar bei den älteren Versionen auch über eine Eingabe im terminal, aber so ist's doch bequemer...

Das würde mich auch mal interessieren.
Mir ist bisher noch keine Seite untergekommen, wo dieses Reader Symbol angezeigt wird.
Das RSS Symbol kommt immer, wenn eine Seite offen ist, die auch Feeds beinhaltet. Aber das Reader Symbol?

Schau mal bei Mac-TV.de, dann erscheint der ReaderButton oben in der URL (wo sonst RSS steht)
und es ist toll, was Apple da gebaut hat.

Wenn jetzt noch die TABs oben wären... das wäre genial. Perfekt.

Überall dort, wo es einen zusammenhängenden Artikel zu lesen gibt! (Habe ich erstmal auch "ganz intensiv" danach gesucht;-).

Als Beispiel z.B. hier eine Seite:
http://www.macwelt.de/artikel/_News/371839/neue_apps_fuer_ein_neues_iphone/1
Bemerkenswert ist ferner, dass Folgeseiten auch zu einem Ganzen gescannt und auf einen Schlag dargestellt werden. Das wird einigen Webseiten-Betreibern aber gar nicht so recht schmecken. Die Darstellung ist sehr lesefreundlich und mit dem Printbefehl kann man vernünftige PDF´s erzeugen.

Zusammengefasst: Die neue Reader-Funktion ist sensationell jut!

Moin moin,
kann jemand ein beliebiges Lesezeichen anlegen; also in der Art, dass ein Favorit unter einem bestehenden Lesezeichen-Ordner entsteht? Das ist extrem trivial, dennoch gelingt es mir nicht.
Grüße aus Hamburg
Hans

Bei mir gehts. [cmd] + [d] Ort auswählen und dann Enter

.. Glücklicher. mal sehen was die apple discussions dazu heute abend 'auswerfen-
Schönen (Arbeits-) Tag
Hans

Hat sich erledigt! Auch bei Safari 5 ist das Problem vor dem Bildschirm nicht behoben worden.
Die Augen sind jetzt auf und ich geh mal Geld machen ....

Nee, nicht Folgeartikel, sondern auf mehrere Seiten verteilte, aber zusammengehörige Artikel, s. z.B. Zeit-Artikel: Hier @@ kannst du entweder „Auf einer Seite lesen“ anklicken (oben rechts), oder das Reader-Symbol, welches i.d.R. bei Zeitungs- oder auch Blogartiklen erscheint. Funktioniert leider nicht bei @@ Bilderstrecken.

Hat schon jemand ausprobiert, ob Glims mit Safari 5 noch funktioniert?

Und NICHT für Tiger zu haben denn da heisst es 4.1
Es ist mal wieder zum *sick*

Glims habe ich nicht. Aber die bei mir installierten PlugIns funktionieren:

Click2Flash @@
Sweetpproductions-Filter @@
Cooliris @@

@Kissi: Mann Gottes! Sei froh, daß es für 10.4.11 überhaupt noch was gibt...!

Abgesehen davon: Installieren, wenn einem die eigenen Daten lieb sind, denn:

Safari 5.0 and Safari 4.1 is now available and addresses the
following:

ColorSync
CVE-ID: CVE-2009-1726
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted image with an embedded
ColorSync profile may lead to an unexpected application termination
or arbitrary code execution
Description: A heap buffer overflow exists in the handling of images
with an embedded ColorSync profile. Opening a maliciously crafted
image with an embedded ColorSync profile may lead to an unexpected
application termination or arbitrary code execution. This issue is
addressed through improved validation of ColorSync profiles. Credit
to Chris Evans of the Google Security Team, and Andrzej Dyjak for
reporting this issue.

Safari
CVE-ID: CVE-2010-1384
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later,
Windows 7, Vista, XP SP2 or later
Impact: A maliciously crafted URL may be obfuscated, making phishing
attacks more effective
Description: Safari supports the inclusion of user information in
URLs, which allows the URL to specify a username and password to
authenticate the user to the named server. These URLs are often used
to confuse users, which can potentially aid phishing attacks. Safari
is updated to display a warning before navigating to an HTTP or HTTPS
URL containing user information. Credit to Abhishek Arya of Google,
Inc. for reporting this issue.

Safari
CVE-ID: CVE-2010-1385
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later,
Windows 7, Vista, XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: A use after free issue exists in Safari's handling of
PDF files. Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution. This
issue is addressed through improved handling of PDF files. Credit to
Borja Marcos of Sarenet for reporting this issue.

Safari
CVE-ID: CVE-2010-1750
Available for: Windows 7, Vista, XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: A use after free issue exists in Safari's management of
windows. Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution. This
issue is addressed through improved window management. This issue
does not affect Mac OS X systems.

WebKit
CVE-ID: CVE-2010-1388
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later
Impact: Dragging or pasting links or images may lead to an
information disclosure
Description: An implementation issue exists in WebKit's handling of
URLs in the clipboard. Visiting a maliciously crafted website and
dragging or pasting links or images may send files from the user's
system to a remote server. This issue is addressed through additional
validation of URLs in the clipboard. This issue does not affect
Windows systems. Credit to Eric Seidel of Google, Inc. for reporting
this issue.

WebKit
CVE-ID: CVE-2010-1389
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later,
Windows 7, Vista, XP SP2 or later
Impact: Dragging or pasting a selection may lead to a cross-site
scripting attack
Description: Dragging or pasting a selection from one site to
another may allow scripts contained in the selection to be executed
in the context of the new site. This issue is addressed through
additional validation of content before a paste or a drag and drop
operation. Credit to Paul Stone of Context Information Security for
reporting this issue.

WebKit
CVE-ID: CVE-2010-1390
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later,
Windows 7, Vista, XP SP2 or later
Impact: Visiting a website using UTF-7 encoding may lead to a cross-
site scripting attack
Description: A canonicalization issue exists in WebKit's handling of
UTF-7 encoded text. An HTML quoted string may be left unterminated,
leading to a cross-site scripting attack or other issues. This issue
is addressed by removing support for UTF-7 encoding in WebKit. Credit
to Masahiro Yamada for reporting this issue.

WebKit
CVE-ID: CVE-2010-1391
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later,
Windows 7, Vista, XP SP2 or later
Impact: Visiting a maliciously crafted website may cause files to be
created in arbitrary user-writable locations
Description: A path traversal issue exists in WebKit's support for
Local Storage and Web SQL databases. If accessed from an application-
defined scheme containing '%2f' (/) or '%5c' (\) and '..' in the host
section of the URL, a maliciously crafted website may cause database
files to be created outside of the designated directory. This issue
is addressed by encoding characters that may have special meaning in
pathnames. This issue does not affect sites served from http: or
https: schemes. Credit: Apple.

WebKit
CVE-ID: CVE-2010-1392
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later,
Windows 7, Vista, XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: A use after free issue exists in WebKit's rendering of
HTML buttons. Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution. This
issue is addressed through improved memory management. Credit to
Matthieu Bonetti of VUPEN Vulnerability Research Team for reporting
this issue.

WebKit
CVE-ID: CVE-2010-1393
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later,
Windows 7, Vista, XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to an
information disclosure
Description: An information disclosure issue exists in WebKit's
handling of Cascading Stylesheets. If a stylesheet's HREF attribute
is set to a URL that causes a redirection, scripts on the page may be
able to access the redirected URL. Visiting a maliciously crafted
website may lead to the disclosure of sensitive URLs on another site.
This issue is addressed by returning the original URL to scripts,
rather than the redirected URL.

WebKit
CVE-ID: CVE-2010-1119
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.1 or later, Mac OS X Server v10.6.1 or later,
Windows 7, Vista, XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: A use after free issue exists in WebKit's handling of
attribute manipulation. Visiting a maliciously crafted website may
lead to an unexpected application termination or arbitrary code
execution. This issue is addressed through improved memory reference
tracking. Credit to Ralf Philipp Weinmann working with TippingPoint's
Zero Day Initiative for reporting this issue.

WebKit
CVE-ID: CVE-2010-1394
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later,
Windows 7, Vista, XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description: A design issue exists in WebKit's handling of HTML
document fragments. The contents of HTML document fragments are
processed before a fragment is actually added to a document. Visiting
a maliciously crafted website could lead to a cross-site scripting
attack if a legitimate website attempts to manipulate a document
fragment containing untrusted data. This issue is addressed by
ensuring that initial fragment parsing has no side effects on the
document that created the fragment. Credit to Eduardo Vela Nava
(sirdarckcat) of Google Inc. for reporting this issue.

WebKit
CVE-ID: CVE-2010-1422
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later,
Windows 7, Vista, XP SP2 or later
Impact: Interacting with a maliciously crafted website may result in
unexpected actions on other sites
Description: An implementation issue exists in WebKit's handling of
keyboard focus. If the keyboard focus changes during the processing
of key presses, WebKit may deliver an event to the newly-focused
frame, instead of the frame that had focus when the key press
occurred. A maliciously crafted website may be able to manipulate a
user into taking an unexpected action, such as initiating a purchase.
This issue is addressed by preventing the delivery of key press
events if the keyboard focus changes during processing. Credit to
Michal Zalewski of Google, Inc. for reporting this issue.

WebKit
CVE-ID: CVE-2010-1395
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later,
Windows 7, Vista, XP SP2 or later
Impact: Visiting a malicious site may lead to a cross-site scripting
attack
Description: A scope management issue exists in WebKit's handling of
DOM constructor objects. Visiting a malicious site may lead to a
cross-site scripting attack. This issue is addressed through improved
handling of DOM constructor objects. Credit to Gianni "gf3"
Chiappetta of Runlevel6 for reporting this issue.

WebKit
CVE-ID: CVE-2010-1396
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later,
Windows 7, Vista, XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: A use after free issue exists in WebKit's handling of
the removal of container elements. Visiting a maliciously crafted
website may lead to an unexpected application termination or
arbitrary code execution. This issue is addressed through improved
memory reference tracking. Credit to wushi of team509, working with
TippingPoint's Zero Day Initiative for reporting this issue.

WebKit
CVE-ID: CVE-2010-1397
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later,
Windows 7, Vista, XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: A use after free issue exists in WebKit's rendering of
a selection when the layout changes. Visiting a maliciously crafted
website may lead to an unexpected application termination or
arbitrary code execution. This issue is addressed through improved
handling of selections. Credit to wushi&Z of team509, working with
TippingPoint's Zero Day Initiative for reporting this issue.

WebKit
CVE-ID: CVE-2010-1398
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later,
Windows 7, Vista, XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in WebKit's handling
of ordered list insertions. Visiting a maliciously crafted website
may lead to an unexpected application termination or arbitrary code
execution. This issue is addressed through improved handling of list
insertions. Credit to wushi of team509, working with TippingPoint's
Zero Day Initiative for reporting this issue.

WebKit
CVE-ID: CVE-2010-1399
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later,
Windows 7, Vista, XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: An uninitialized memory access issue exists in WebKit's
handling of selection changes on form input elements. Visiting a
maliciously crafted website may lead to an unexpected application
termination or arbitrary code execution. This issue is addressed
through improved handling of selections. Credit to wushi of team509,
working with TippingPoint's Zero Day Initiative for reporting this
issue.

WebKit
CVE-ID: CVE-2010-1400
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later,
Windows 7, Vista, XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: A use after free issue exists in WebKit's handling of
caption elements. Visiting a maliciously crafted website may lead to
an unexpected application termination or arbitrary code execution.
This issue is addressed through improved handling of caption
elements. Credit to regenrecht working with iDefense for reporting
this issue.

WebKit
CVE-ID: CVE-2010-1401
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later,
Windows 7, Vista, XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: A use after free issue exists in WebKit's handling of
the ':first-letter' pseudo-element in cascading stylesheets. Visiting
a maliciously crafted website may lead to an unexpected application
termination or arbitrary code execution. This issue is addressed
through improved handling of the ':first-letter' pseudo-element.
Credit to wushi of team509, working with TippingPoint's Zero Day
Initiative for reporting this issue.

WebKit
CVE-ID: CVE-2010-1402
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later,
Windows 7, Vista, XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: A double free issue exists in WebKit's handling of
event listeners in SVG documents. Visiting a maliciously crafted
website may lead to an unexpected application termination or
arbitrary code execution. This issue is addressed through improved
handling of SVG documents. Credit to wushi of team509, working with
TippingPoint's Zero Day Initiative for reporting this issue.

WebKit
CVE-ID: CVE-2010-1403
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later,
Windows 7, Vista, XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: An uninitialized memory access issue exists in WebKit's
handling of 'use' elements in SVG documents. Visiting a maliciously
crafted website may lead to an unexpected application termination or
arbitrary code execution. This issue is addressed through improved
handling of 'use' elements in SVG documents. Credit to wushi of
team509, working with TippingPoint's Zero Day Initiative, for
reporting this issue.

WebKit
CVE-ID: CVE-2010-1404
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later,
Windows 7, Vista, XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: A use after free issue exists in WebKit's handling of
SVG documents with multiple 'use' elements. Visiting a maliciously
crafted website may lead to an unexpected application termination or
arbitrary code execution. This issue is addressed through improved
handling of 'use' elements in SVG documents. Credit to wushi of
team509, working with TippingPoint's Zero Day Initiative for
reporting this issue.

WebKit
CVE-ID: CVE-2010-1410
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later,
Windows 7, Vista, XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in WebKit's handling
of nested 'use' elements in SVG documents. Visiting a maliciously
crafted website may lead to an unexpected application termination or
arbitrary code execution. This issue is addressed through improved
handling of nested 'use' elements in SVG documents. Credit to Aki
Helin of OUSPG for reporting this issue.

WebKit
CVE-ID: CVE-2010-1749
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later,
Windows 7, Vista, XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: A use after free issue exists in WebKit's handling of
CSS run-ins. Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution. This
issue is addressed through improved handling of CSS run-ins. Credit
to wushi of team509, working with TippingPoint's Zero Day Initiative
for reporting this issue.

WebKit
CVE-ID: CVE-2010-1405
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later,
Windows 7, Vista, XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: A use after free issue exists in WebKit's handling of
HTML elements with custom vertical positioning. Visiting a
maliciously crafted website may lead to an unexpected application
termination or arbitrary code execution. This issue is addressed
through improved memory reference tracking. Credit to Ojan Vafai of
Google Inc. for reporting this issue.

WebKit
CVE-ID: CVE-2010-1406
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later,
Windows 7, Vista, XP SP2 or later
Impact: Visiting an HTTPS site which redirects to an HTTP site may
lead to an information disclosure
Description: When WebKit is redirected from an HTTPS site to an HTTP
site, the Referer header is passed to the HTTP site. This can lead to
the disclosure of sensitive information contained in the URL of the
HTTPS site. This issue is addressed by not passing the Referer header
when an HTTPS site redirects to an HTTP site. Credit to Colin
Percival of Tarsnap for reporting this issue.

WebKit
CVE-ID: CVE-2010-1408
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later,
Windows 7, Vista, XP SP2 or later
Impact: Visiting a maliciously crafted website may result in sending
remotely specified data to arbitrary TCP ports
Description: An integer truncation issue exists in WebKit's handling
of requests to non-default TCP ports. Visiting a maliciously crafted
website may result in sending remotely specified data to arbitrary
TCP ports. This issue is addressed by ensuring that port numbers are
within the valid range.

WebKit
CVE-ID: CVE-2010-1409
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later,
Windows 7, Vista, XP SP2 or later
Impact: Visiting a maliciously crafted website may allow remotely
specified data to be sent to an IRC server
Description: Common IRC service ports are not included in WebKit's
port blacklist. Visiting a maliciously crafted website may allow
remotely specified data to be sent to an IRC server. This may cause
the server to take unintended actions on the user's behalf. This
issue is addressed by adding the affected ports to WebKit's port
blacklist.

WebKit
CVE-ID: CVE-2010-1412
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later,
Windows 7, Vista, XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: A use after free issue exists in WebKit's handling of
hover events. Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution. This
issue is addressed through improved handling of hover events. Credit
to Dave Bowker of davebowker.com for reporting this issue.

WebKit
CVE-ID: CVE-2010-1413
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later,
Windows 7, Vista, XP SP2 or later
Impact: A user's NTLM credentials may be exposed to a man in the
middle attacker
Description: In certain circumstances, WebKit may send NTLM
credentials in plain text. This would allow a man in the middle
attacker to view the NTLM credentials. This issue is addressed
through improved handling of NTLM credentials. Credit: Apple.

WebKit
CVE-ID: CVE-2010-1414
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later,
Windows 7, Vista, XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: A use after free issue exists in WebKit's handling of
the removeChild DOM method. Visiting a maliciously crafted website
may lead to an unexpected application termination or arbitrary code
execution. This issue is addressed through improved handling of child
element removal. Credit to Mark Dowd of Azimuth Security for
reporting this issue.

WebKit
CVE-ID: CVE-2010-1415
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later,
Windows 7, Vista, XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: An API abuse issue exists in WebKit's handling of
libxml contexts. Visiting a maliciously crafted website may lead to
an unexpected application termination or arbitrary code execution.
This issue is addressed through improved handling of libxml context
objects. Credit to Aki Helin of OUSPG for reporting this issue.

WebKit
CVE-ID: CVE-2010-1416
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later,
Windows 7, Vista, XP SP2 or later
Impact: Visiting a maliciously crafted website may disclose images
from other sites
Description: A cross-site image capture issue exists in WebKit. By
using a canvas with an SVG image pattern, a maliciously crafted
website may load and capture an image from another website. This
issue is addressed by restricting the reading of canvases that
contain patterns loaded from other websites. Credit to Chris Evans of
Google Inc. for reporting this issue.

WebKit
CVE-ID: CVE-2010-1417
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later,
Windows 7, Vista, XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in WebKit's rendering
of CSS-styled HTML content with multiple :after pseudo-selectors.
Visiting a maliciously crafted website may lead to an unexpected
application termination or arbitrary code execution. This issue is
addressed through improved rendering of HTML content. Credit to wushi
of team509 for reporting this issue.

WebKit
CVE-ID: CVE-2010-1418
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later,
Windows 7, Vista, XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description: An input validation issue exists in WebKit's handling
of the src attribute of the frame element. An attribute with a
javascript scheme and leading spaces is considered valid. Visiting a
maliciously crafted website could lead to a cross-site scripting
attack. This update addresses the issue by properly validating
frame.src before the URL is dereferenced. Credit to Sergey Glazunov
for reporting this issue.

WebKit
CVE-ID: CVE-2010-1419
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later,
Windows 7, Vista, XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: A use after free issue exists in WebKit's handling of
drag and drop when the window acting as a source of a drag operation
is closed before the drag operation is completed. Visiting a
maliciously crafted website may lead to an unexpected application
termination or arbitrary code execution. This issue is addressed
through improved memory management. Credit to kuzzcc, and Skylined of
Google Chrome Security Team for reporting this issue.

WebKit
CVE-ID: CVE-2010-1421
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later,
Windows 7, Vista, XP SP2 or later
Impact: Visiting a maliciously crafted website may change the
contents of the clipboard
Description: A design issue exists in the implementation of the
JavaScript function execCommand. A maliciously crafted web page can
modify the contents of the clipboard without user interaction. This
issue is addressed by only allowing clipboard commands to be executed
if initiated by the user. Credit: Apple.

WebKit
CVE-ID: CVE-2010-0544
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later,
Windows 7, Vista, XP SP2 or later
Impact: Visiting a maliciously crafted website may result in a
cross-site scripting attack
Description: An issue in Webkit's handling of malformed URLs may
result in a cross-site scripting attack when visiting a maliciously
crafted website. This issue is addressed through improved handling of
URLs. Credit to Michal Zalewski of Google, Inc. for reporting this
issue.

WebKit
CVE-ID: CVE-2010-1758
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later,
Windows 7, Vista, XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: A use after free issue exists in WebKit's handling of
DOM Range objects. Visiting a maliciously crafted website may lead to
an unexpected application termination or arbitrary code execution.
This issue is addressed through improved handling of DOM Range
objects. Credit to Yaar Schnitman of Google Inc. for reporting this
issue.

WebKit
CVE-ID: CVE-2010-1759
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later,
Windows 7, Vista, XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: A use after free issue exists in WebKit's handling of
the Node.normalize method. Visiting a maliciously crafted website may
lead to an unexpected application termination or arbitrary code
execution. This issue is addressed through improved handling of the
Node.normalize method. Credit to Mark Dowd for reporting this issue.

WebKit
CVE-ID: CVE-2010-1761
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later,
Windows 7, Vista, XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: A use after free issue exists in WebKit's rendering of
HTML document subtrees. Visiting a maliciously crafted website may
lead to an unexpected application termination or arbitrary code
execution. This issue is addressed through improved rendering of HTML
document subtrees. Credit to James Robinson of Google Inc. for
reporting this issue.

WebKit
CVE-ID: CVE-2010-1762
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later,
Windows 7, Vista, XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description: A design issue exists in the handling of HTML contained
in textarea elements. Visiting a maliciously crafted website may lead
to a cross-site scripting attack. This issue is addressed through
improved validation of textarea elements. Credit to Eduardo Vela Nava
(sirdarckcat) of Google Inc. for reporting this issue.

WebKit
CVE-ID: CVE-2010-1764
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later,
Windows 7, Vista, XP SP2 or later
Impact: Visiting a website which redirects form submissions may lead
to an information disclosure
Description: A design issue exists in WebKit's handling of HTTP
redirects. When a form submission is redirected to a website that
also does a redirection, the information contained in the submitted
form may be sent to the third site. This issue is addressed through
improved handling of HTTP redirects. Credit to Marc Worrell of
WhatWebWhat for reporting this issue.

WebKit
CVE-ID: CVE-2010-1770
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later,
Windows 7, Vista, XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: A type checking issue exists in WebKit's handling of
text nodes. Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution. This
issue is addressed through improved type checking. Credit to wushi of
team509, working with TippingPoint's Zero Day Initiative for
reporting this issue.

WebKit
CVE-ID: CVE-2010-1771
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later,
Windows 7, Vista, XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: A use after free issue exists in WebKit's handling of
fonts. Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution. This
issue is addressed through improved handing of fonts. Credit: Apple.

WebKit
CVE-ID: CVE-2010-1774
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later,
Windows 7, Vista, XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: An out of bounds memory access issue exists in WebKit's
handling of HTML tables. Visiting a maliciously crafted website may
lead to an unexpected application termination or arbitrary code
execution. This issue is addressed through improved bounds checking.
Credit to wushi of team509 for reporting this issue.

WebKit
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later,
Windows 7, Vista, XP SP2 or later
Impact: A maliciously crafted website may be able to determine which
sites a user has visited
Description: A design issue exists in WebKit's handling of the CSS
:visited pseudo-class. A maliciously crafted website may be able to
determine which sites a user has visited. This update limits the
ability of web pages to style pages based on whether links are
visited.


Safari 5.0 and Safari 4.1 address the same set of security issues.
Safari 5.0 is provided for Mac OS X v10.5, Mac OS X v10.6, and
Windows systems. Safari 4.1 is provided for Mac OS X v10.4 systems.

(Wow!)

Bei mir läuft Safari deutlich schneller als vorher.
Sehr schön

Die Reader Funktion ist auch gut
Auf heise.de (und dann irgendeinen artikel) kann man sie schön nutzen.

Nicht für Tiger aber für Window XP.

Liebe Apple Developer, habt ihr sie noch alle?????

Geht bei euch die Geolocation bei GoogleMaps? Bei mir kommt immer: "Konnte Standort nicht bestimmen". Bei Firefox funktionierts ohne Probleme.

@Maxefaxe: Erst lesen, dann testen, und dann besser nicht maulen: Unter 10.4.11 erscheint es bereits als Safari 4.1 in der Software-Aktualisierung.

Bei mir geht die Geolocation einwandfrei. Zeigt mich nur auf der falschen Straßenseite an.

Hannes Gnad Warum denn lesen, maulen macht doch viel besser und schneller negative Energie. Und man muss seinen Kopf dazu nicht anstrengen.

GoogleMaps geht bei mir dort wo WLAN aktiv ist. Ohne WLAN geht das nicht.

Ah ja. Ist nicht schlecht. Nur manchmal formatiert die Reader Funktion die Seite nicht vernünftig. Ist mir vorhin aufgefallen. Aber ist ja erst die 5.0
Prima, das der blaue Fortschrittsbalken wieder da ist.

Kissi: welchen Grund gibt es denn für dich, nicht auf Snow Leopard umzusteigen? G5? Dann nimm noch wenigstens Leopard...

Hahaha - so werden bei Dir aus "Folgeseiten (e. Artikels)" gleich "Folgeartikel". Mein Bsp.-Link aus Macwelt hast wohl übersehen?! – Nun ja, sei´s drum ....

KillBill
Glims funktioniert einwandfrei, ebenso Cookies. Und wenn zukünftig alles über die PlugIn-Funktion abgewickelt wird, sind solche Fragen hoffentlich gar nicht mehr nötig

Noch ein Wort zur Reader-Funktion. Die ist nett, aber das Readability-Bookmarklet (auf dem Safari Reader anscheinend aufsetzt) funktioniert immer und wird damit nicht obsolet.

Korrektur: Tabs der letzten Sitzung werden nach Beenden/Neustart nicht wieder hergestellt. Blöd, weil für mich die wichtigste Funktion von Glims.

Also bei Focus online funktioniert der Reader nicht richtig.
Bei der FAZ geht das Teil tadellos. Liegt das an der Programmierung von Focus online?

TCHe
Vielen Dank.
Tabs der letzten Sitzung öffnen nutze ich nicht. Für mich also einwandfrei genug

hi

Erstens kann ich den Sprung auf Version 5.0 nicht nachvollziehen, weil so eine Revolution ist 5.0 ja jetzt nicht, ich finde 4.1 (wie unter Tiger) passt da deutlich besser.

Obendrein ein "Silent-Update" auf eine neue "Hauptversion"? ... Why?

Kann mir eigentlich jemand den genauen Unterschied zwischen 5.0 und 4.1 erklären, außer das 4.1 für Tiger ist und kein Geolocation und Safari Reader unterstütz (warum auch immer)?

Aber schön schnell ist 4.1 und 5.0 und der schöne, blaue Ladebalken ist wieder da (wobei ich mich da auch wieder frage, warum man den nicht in den Einstellungen deaktivieren kann, weil einige ja lieber keinen haben)

Auf den deutschsprachigen Apple Seiten steht immer noch Version 4 ... finde ich auch interessant.

Wow. endlich ist – dank Safari Reader - die ZEIT.de ein Genuss:

Wer eine ähnliche Funktion für Firefox sucht:
Ist grafisch nicht ganz so spektakulär wie die Safari Funktion, tut es aber auch.