Security-Protocols has released information about a denial of service vulnerability in the KHTMLParser in Mac OS X v10.4.3, as well as earlier versions of the operating system. Affecting Safari 2.0.2 and TextEdit 1.4 as well as earlier versions of those applications, the threat can enable an attacker to execute arbitrary code.
Security-Protocols labeled the threat medium in its severity. The company has a page with more specific information about the problem, including an example of code that can cause the vulnerability to occur in Safari running on Mac OS X v10.4.3.
Apple has been notified about the issue, but the company typically doesnit address such problems until it releases a security update.