KDE Konqueror 3.5.7 allows remote malicious users to spoof the URL address bar by calling setInterval with a small interval and changing the window.location property.
It was discovered that Konqueror could be tricked into displaying
incorrect URLs Remote attackers could exploit this to increase their
chances of tricking a user into visiting a phishing URL, which could
lead to credential theft ...