Check this test out in Konqy. It looks as though it is vulnerable to this bug. Has this been fixed in CVS? http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/