Konqueror 3.5.5 allows remote malicious users to cause a denial of service (crash) by using JavaScript to read a child iframe having an ftp:// URI.
kde konqueror 3.5.5