The KDE HTML library (kdelibs), as used by Konqueror 3.5.5, does not properly parse HTML comments, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within a comment in a title tag, a related issue to CVE-2007-0478.
Official KDE security advisory with reference to upstream patch: http://www.kde.org/info/security/advisory-20070206-1.txt
It's fixed in kdelibs-3.3.1-9.el4/kdelibs-3.5.4-13.el5.
This issue was addressed in:

Red Hat Enterprise Linux: http://rhn.redhat.com/errata/RHSA-2007-0909.html (RHEL4, RHEL5)

Fedora: updated to fixed upstream version