Jan 15

Computer scientist Brian Mastenbrook has discovered a fairly serious bug in Safari’s RSS feed handling that can allow a maliciously crafted web page to access personal information without the user’s knowledge or intervention. The information can include—but isn’t necessarily limited to—e-mails, passwords, and information stored in browser cookies.

This vulnerability affects any Mac OS X user who has Safari set as the default feed reader in Safari’s RSS preferences. You can be affected even if you don’t read RSS feeds, or if you regularly use another browser such as Firefox. On Windows, the vulnerability only affects those who use Safari to browse the web.

The solution/workaround for this problem is very simple.
