Safari 5.0.4 update addresses plug-in compatibility, more

Apple has released an update for Safari for both OS X and Windows operating systems that addresses a number of outstanding bugs with the Web browser. These include stability and page rendering problems with sites that load browser plug-ins, implementations of VoiceOver text-to-speech technologies, image effects, and other visual options. The update is recommended for all systems (Mac and Windows) that have Safari 5 installed, but be sure to back up your system before updating.

Specifically, the update fixes the following issues:

Mac OS X

1. Improved stability for webpages with multiple instances of plug-in content
2. Improved compatibility with Web pages with image reflections and transition effects
3. A fix for an issue that could cause some Web pages to print with incorrect layouts
4. A fix for an issue that could cause content to display incorrectly on Web pages with plug-ins
5. A fix for an issue that could cause a screensaver to appear while video is playing in Safari
6. Improved compatibility with VoiceOver on Web pages with text input areas and lists with selectable items
7. Improved stability when using VoiceOver

For Windows

1. Improved compatibility with Web pages with transition effects
2. A fix for an issue that could cause some Web pages to print with incorrect layouts
3. A fix for an issue that could prevent HTML5 video from playing on www.youtube.com
4. A fix for an issue that could cause content to display incorrectly on Web pages with plug-ins

In addition to these main issues, the update contains a number of security fixes for Windows and Mac OS systems, including corrections to the handling of JPEG and TIFF files, and the "libpng" library that could result in arbitrary code execution. In addition, some the update fixes problems where improper XML handling could result in a program crash and arbitrary code execution. Lastly, numerous memory mismanagement issues with Webkit could also result in program crashes.

Beyond crashes, there is a fix for the improper handling of user credentials when using basic HTTP authentication, and fixes to WebKit and other underlying technologies to address the following cross-contamination problems.

1. Injection of CSS styles from a malicious site into other open Web pages
2. Improper handling of caches from malicious sites that could cause malfunction of other Web sites
3. Disclosure of information entered in one site to another with HTML5 drag-and-drop
4. Cross-origin issues with malicious sites causing files to be sent to an unknown remote server
5. The possibility of a malicious site when using the "Web Inspector" could result in script execution that could affect other open sites.

The update for Safari should be available through Software Update for everyone who has Safari installed, but can also be downloaded from the Safari 5.0.4 Update Web page or from the following links.

Mac OS X Leopard, and Snow Leopard (~37-46MB)

Windows XP, Vista, and 7 (33.97MB)

Updating precautions

Be sure to fully back up your system before applying this update. After installing, to prevent any odd Web page display issues be sure to clear Safari's cache and optionally remove Safari's preferences file, which is called "com.apple.Safari.plist" and is located in the /username/Library/Preferences/ folder.

In addition to these basic reset options, if specific sites do not display properly or otherwise malfunction after updating Safari, try removing cookies for those sites. To do this, go to Safari's "Security" preferences and click the "Show Cookies" button. Then search for the domain of the problematic Web site (e.g., "Apple.com" or "CNET.com") and remove all cookies associated with that domain. Then clear the browser's cache and refresh the Web page. As a last resort, run a full Safari reset by using the "Reset Safari" option in the "Safari" application menu.

Questions? Comments? Have a fix? Post them below or e-mail us!
Be sure to check us out on Twitter and the CNET Mac forums.