Browsers and JavaScript use something called the 'same origin policy' to sandbox which elements are accessible to which sites. This prevents JavaScript on one site from accessing JavaScript on another. The browser does this by combining three elements into a unique key:
- Protocol (e.g. http)
- Domain (e.g. singe.za.net)
- Port (e.g. 80)
Some more detail on this is available here. Anyone familiar with AJAX hacking will already know this, but for those who aren't, imagine if JS in one of your tabs could mess with the JS in another. Porn sites would take the opportunity to redirect all of your tabs to something obscene, and AJAX keyloggers could be attached to your internet banking window.
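The three-part key described above, as an added example that is not part of the original post: it builds the (protocol, domain, port) tuple for a URL and compares two URLs the way the policy does. The function names and sample URLs are constructed for illustration, and the default-port table covers only http and https.

```javascript
// Added example: build the (protocol, domain, port) key and compare origins.
// originKey, sameOrigin and classify are hypothetical helper names.
const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

// Return the origin key for a URL string. The path, query and fragment
// are deliberately ignored: they play no part in the origin.
function originKey(urlString) {
  const u = new URL(urlString);
  // URL.port is "" when the URL uses the scheme's default port,
  // so fill it in to make "http://host" and "http://host:80" equal.
  const port = u.port || DEFAULT_PORTS[u.protocol] || "";
  return {
    protocol: u.protocol.replace(/:$/, ""), // "http:" -> "http"
    domain: u.hostname,                     // already lower-cased by URL
    port: port,
  };
}

// Two URLs share an origin only if all three parts match exactly.
function sameOrigin(a, b) {
  const ka = originKey(a);
  const kb = originKey(b);
  return ka.protocol === kb.protocol &&
         ka.domain === kb.domain &&
         ka.port === kb.port;
}

// Compare a list of URLs against a base page.
function classify(baseUrl, urls) {
  return urls.map((url) => ({ url, sameOrigin: sameOrigin(baseUrl, url) }));
}

// Constructed sample URLs, using the domain from the list above.
const base = "http://singe.za.net/blog/index.html";
const candidates = [
  "http://singe.za.net:80/other/page.html", // explicit default port: same
  "HTTP://SINGE.ZA.NET/",                   // case differs only: same
  "https://singe.za.net/",                  // protocol differs
  "http://www.singe.za.net/",               // domain differs
  "http://singe.za.net:8080/",              // port differs
];

for (const row of classify(base, candidates)) {
  console.log((row.sameOrigin ? "same      " : "different ") + row.url);
}
```

Note that a subdomain such as www.singe.za.net is a different origin from singe.za.net, even though both belong to the same site owner.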