The Downloads feature in Apple Safari before 9.1 mishandles file expansion, which allows remote attackers to cause a denial of service via a crafted web site.
Apple Security Advisory 2016-03-21-6 - Safari 9.1 is now available and addresses code execution, interface spoofing, denial of service, and various other vulnerabilities.