CVE-2008-5698 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5698): HTMLTokenizer::scriptHandler in Konqueror in KDE 3.5.9 and 3.5.10 allows remote attackers to cause a denial of service (application crash) via an invalid document.load call that triggers use of a deleted object. NOTE: some of these details are obtained from third party information.
I wonder if KDE upstream cares about these javascript DoS issues? If it's just a client crash, without memory explosion, there's no reason for us to track it.
They dont bother with kde3 much. So feel free to do what ever you want with the problem :] It looks like it just trash your browser which is not too much vital :]
i have opened stabilization bug for kde 3.5.10, adding it in depend buglist
=konqueror-3* is now masked for removal
KDE 3 is not in tree any more. CC us again if you need anything. thanks
KDE 3 long gone.