A vulnerability in AOL Journals BlogID allows an attacker to numbers provided to the program and enumerate a list of AOL members/subscribers and their corresponding email.
The issue lies within the Atom/RSS feed option for users. There is a link on the journals that would allow users to get an Atom or RSS feed for that weblog. The webpage that pops up containing these links to the feeds displays the full path to the user's feed (which includes their username, which is subsequently their e-mail address). The link to the feeds, however, does not use the username in conjunction with the blog name. Instead it uses a BlogID number which appears to just be incremented as blogs are created.
Impact: As a result an attacker could increment through the numbers and obtain thousands of user e-mail addresses. This flaw is especially noteworthy due to the easy and speed at which an attacker could obtain the usernames. Also, the username and blog names could be easily traversed through to gain information on the user that could be used in conjunction with targeted SPAM among other things.
Workaround: Don't tie the BlogID feed into the Atom/RSS feeds.
A weakness has been discovered in Safari, which can be exploited by malicious people to trick users into visiting a malicious website by obfuscating URLs.
The vulnerability has been confirmed in version 1.2.3. Other versions may also be affected.
Solution: Never follow links from untrusted sources.