Apple Mac OS X Safari 2.0.3, 1.3.1, and possibly other versions, allows remote attackers to cause a denial of service (CPU consumption and crash) via a TD element with a large number in the rowspan attribute.
Apple Safari 2.0.3
Apple Safari 1.3.1
Denial of Service
Currently we are not aware of any vendor-supplied patches for this issue.