Secunia posted a security advisory regarding Safari 3.1.1 for Mac and Windows Vista on Thursday. A maliciously crafted URL could display a fake URL in the address bar.
"The problem is that it is possible to hide the actual location of a page in the address bar via a specially crafted URL containing a number of certain special characters in the "user" field before the "@" character," the advisory said.
The issue was given a rating of "Less Critical" (2 out of 5) on a scale that ranges from Not Critical (1), to Extremely Critical (5).
Until this is patched, the proposed solution is to not browse untrusted sites or links. The issue was confirmed in Safari 3.1.1 in Mac OS X and Vista.