A vulnerability has been identified in the current iteration of Apple's Safari browser.
Security Tracker reports the problem as one in which Safari incorrectly renders text as HTML in certain cases.
A Jonathan Rockway warns that the browser "ignores the HTTP 'Content-type' header value sent by the Web server."
This means a remote Web server can supply plain text that is rendered as HTML, which may create an opportunity for "cross-site scripting attacks", one of the most common security problems facing Web developers today, according to O'Reilly.
The report says no fix for this flaw is available at this time.
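
As an added illustration (not part of the original report), this Python sketch audits responses that a server labels text/plain and lists markup that would become active if a client ignored the header and parsed the body as HTML. The paths, headers and bodies are constructed samples, and the watch list of tags and attributes is an assumption, not a description of Safari's actual behaviour.

```python
from html.parser import HTMLParser

class ActiveContentFinder(HTMLParser):
    """Parse a body as an HTML renderer would and record script-capable markup."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # Tag and attribute names arrive lowercased from HTMLParser.
        if tag in ("script", "iframe", "object", "embed"):  # assumed watch list
            self.findings.append(f"<{tag}> element")
        for name, value in attrs:
            target = (value or "").strip().lower()
            if name.startswith("on"):
                self.findings.append(f"{name} handler on <{tag}>")
            elif name in ("href", "src") and target.startswith("javascript:"):
                self.findings.append(f"javascript: URL in {name} on <{tag}>")

def media_type(headers):
    """Return the declared media type, lowercased and without parameters."""
    for name, value in headers.items():
        if name.lower() == "content-type":
            return value.split(";", 1)[0].strip().lower()
    return ""

def audit_response(headers, body):
    """List markup in a text/plain body that would be active if parsed as HTML."""
    if media_type(headers) != "text/plain":
        return []  # only responses that rely on the header for safety
    finder = ActiveContentFinder()
    finder.feed(body)
    finder.close()
    return finder.findings

# Constructed sample responses: path -> (headers, body).
SAMPLES = {
    "/notes.txt": ({"Content-Type": "text/plain; charset=utf-8"},
                   "if a < b and b > c: swap(a, c)\n"),
    "/paste/1": ({"Content-Type": "text/plain"},
                 "hello <script>document.title = 'rendered'</script>"),
    "/paste/2": ({"content-type": "text/plain"},
                 '<a href="#" onclick="track()">next</a>'),
    "/page.html": ({"Content-Type": "text/html"}, "<script>init()</script>"),
}

if __name__ == "__main__":
    for path, (headers, body) in SAMPLES.items():
        print(path, audit_response(headers, body) or "ok")
```

Any path that reports findings is serving content whose safety depends entirely on the client honouring the Content-Type header.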