The United States Computer Emergency Readiness Team (US-CERT) has found a security hole in Safari, with which a hacker could run arbitrary code at the privilege level of the current user account if the victim visits a malicious Web page.
So far the problem has been confirmed to be on the Windows version of Safari; however, it could also exist on the Mac.
There are no known fixes as yet, and it will be up to Apple to fix the problem fully with a Safari update. In the meantime, there are several things you can do to both reduce the potential harm from exploits of this vulnerability, as well as prevent it from being used.
Use nonadministrative accounts.
This vulnerability is only able to run code with the permissions of the current user on the system. If you are using an administrative account, then there is more potential for harm from an exploit.
The best advice for any browser, is to not follow random links from spam, forums, chat rooms, or pop-up windows. Check the spelling of links (you can right-click and copy them to better examine them) and see if there are any misspellings, the use of offshore hosting servers, use of IP addresses instead of DNS names, and very long URLs. If any of these exist in a link, avoid them. If you are looking for a specific company, use a reputable search engine or go directly to the company's Web site.
Regardless of the vulnerability, if you are not browsing malicious Web sites, then your risk will be minimal.