CVE-2009-3016
Apple Safari 4.0.3 is affected by CVE-2009-3016: it does not properly block javascript: and data: URIs in Refresh HTTP header values, enabling cross-site scripting via Refresh header manipulation (four cited vectors: javascript: in Refresh, javascript: in header content, JavaScript in data:text/h...