The vulnerability is caused due to an error in the handling of parent windows and can result in a function call using an invalid pointer. This can be exploited to execute arbitrary code when a user e.g. visits a specially crafted web page and closes opened pop-up windows.
The vulnerability is confirmed in Safari version 4.0.5 for Windows. Other versions may also be affected, the company warned.