WebKit when handling parent objects has a vulnerability which can allow for a maliciously crafted site to conduct a XSS attack. The improvement is in the way the WebKit handles parent objects. 
Simple Class Dump from Safari 4.0.1In addition numeric character references crafted in a malicious way can corrupt memory leading to unexpected application termination and/or arbitrary code execution.