CVE-2007-2399
WebKit in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1 performs an "invalid type conversion", which allows remote attackers to execute arbitrary code via unspecified frame sets that trigger memory corruption.
Date published : 2007-06-25
http://lists.apple.com/archives/Security-announce/2007/Jun/msg00003.html