Visiting a maliciously crafted web page may allow access to JavaScript objects or the execution of arbitrary JavaScript in the context of another web page.

ENGADGET: Apple releases Windows Safari 3.0.1, squishes security bugs