Apple Safari 5.0.5 does not properly implement the setInterval function, which allows remote malicious users to spoof the address bar via a crafted web page.
apple safari 5.0.5