Unspecified vulnerability in Apple Safari 4 before 4.0.3 allows remote web servers to place an arbitrary web site in the Top Sites view, and possibly conduct phishing attacks, via unknown vectors.
http://www.securitytracker.com/id?1022718
http://www.securityfocus.com/bid/36022
http://support.apple.com/kb/HT3733
http://lists.apple.com/archives/security-announce/2009/Aug/msg00002.html