Safari suffers from an out-of-bounds memcpy in Array.concat that can lead to memory corruption.
6db1ba6357b6b2691d74c0fe51123d940627a490bc8ab5b483b0f2bce87edc4d
Ubuntu Security Notice 3257-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
cf093dbe9d28c2da54857b225f129940736f62bb4316b79000fc51f6f1eef93f