The host is installed with Apple Safari before 4.0 and is prone to a spoofing vulnerability. A flaw is present in the application, which fails to properly handle a custom cursor in conjunction with a modified CSS3 hotspot property. Successful exploitation could allow attackers to spoof the browser's display.