Safari fails to sanitize the file protocol handler thus leading to an information disclosure, e.g. local file theft. Dynamically creating a certain HTML tag and using a valid file path to an executable may lead to a denial of service condition. Apple’s Safari browser version 3.2.3 is vulnerable.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/78612/n.runs-SA-2009.005.txt
Source: https://packetstormsecurity.com/files/78612/Safari-3.2.3-Information-Disclosure.html