From the Red Hat bugzilla:
A security flaw was found in the way WebKit used to handle media elements
(audio and video tags). A remote attacker could provide a specially-crafted
document, requesting loading of sub-resources (such as remote URLs),
which would be normally disallowed by the callback function(s). (CVE-2009-2841)
From the Red Hat bugzilla:
An off by one memory corruption issue exists in
WebSocketHandshake::readServerHandshake(). This issue is addressed by improved bounds checking. (CVE-2010-1766)
From the Red Hat bugzilla:
A use after free issue exists in WebKit's handling of geolocation events.
Visiting a maliciously crafted website may lead to an unexpected application
termination or arbitrary code execution. This issue is addressed through
improved handing of geolocation events. (CVE-2010-1772)
From the Red Hat bugzilla:
An off by one memory read out of bounds issue exists in WebKit's handling of HTML lists. Visiting a maliciously crafted website may lead to an unexpected application termination or the disclosure of the contents of memory. This issue is addressed through improved bounds checking. (CVE-2010-1773)
