I found that the following javascript causes a stack exhaustion: <BODY onload="go()"><SCRIPT> var i=0; function go() { oColGroup=document.createElement('colGroup'); document.body.appendChild(oColGroup); oComment=document.createElement('b'); document.body.insertAdjacentElement('afterBegin', oComment); } </SCRIPT></BODY> Something tells me the colGroup is the culprit, but I have no way of backing that up. Tested with Safari 3.1.1. Marked as security, I'm not sure if you treat DoS as a security issue, so erring on the safe side.
Changing priority and security flag
<rdar://problem/6007110>
Why is this bug marked PlatformOnly?
*** This bug has been marked as a duplicate of 19519 ***