One flaw is a memory corruption issue that could be exploited if a user is downloading a .ZIP file with a really long filename.
The second flaw is an address bar spoofing issue.
Frankly, I wouldn’t have rated both of these issues as ‘Highly Critical’ myself since they both require user interaction (but hey I’m not currently a full time security researcher).
Then again, Mozilla just fixed a memory corruption related issue with Firefox 2.0.0.13 yesterday, which was rated as “Critical” by Mozilla itself. Though Firefox 2.0.0.13 did fix a spoofing issue which was only rated as being “High”.
Apple has not yet made any kind of patch available for Safari 3.1 for the new issues, so if you’re running Safari – also use common sense and as always – DON’T VISIT UNTRUSTWORTHY SITES! (but that goes for any browser on any platform).
