One of the vulnerabilities is specific to Windows. In previous versions of Safari, attempting to reveal the location of a downloaded file could lead to the execution of an application contained in the same directory. This occurred because Safari did not specify the full search path to Windows Explorer.
The other two issues apply to the Mac OS X and Windows versions of Safari.
Inadequate validation of floating-point values in WebKit (the engine that underpins Safari) could allow a malicious website to trigger a crash or execute arbitrary code.
A bug in the handling of elements with run-in styling (a CSS feature) could result in a crash or execution of arbitrary code.
Other changes to Safari, the iWeb update and a new version of TechTool Deluxe for AppleCare subscribers are described on page 2.
Safari 5.0.2 also fixes issues that could prevent users from submitting web forms and that could cause web content to display incorrectly when viewing a Google Image result with Flash 10.1 installed.
For users of older versions of Mac OS X that can't run Safari 5, Apple has also updated Safari 4 to version 4.1.2 with the floating-point fix.
Apple also delivered a minor update to iWeb, the web page creation program in the iLife suite. All the company is saying is that "This update addresses issues when publishing to MobileMe and other minor issues."
The updates can be installed by using Software Update (Apple Software Update on Windows) or by downloading the installers via Apple's Support Downloads page.
In related news, Apple last weekend released a new version of the TechTool Deluxe utility for systems covered by an AppleCare Protection Plan. The software is available for download via this support page.