A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the garbage collection of JavaScript document elements in WebCore. When a CSSStyleSheet object of a style element is copied, and the style element is deallocated, a reference to the ownerNode property of the copied CSSStyleSheet object will result in a heap corruption allowing for the execution of arbitrary code.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/68524/ZDI-08-045.txt
Source: https://packetstormsecurity.com/files/68524/Zero-Day-Initiative-Advisory-08-045.html