Version: 0.2.90 (using 4.3.2 (KDE 4.3.2), Debian packages) Compiler: cc OS: Linux (x86_64) release 2.6.31-1-amd64 Rekonq is affected by a universal XSS and / or crash. Opening a fresh instance of Rekonq and entering the following URL causes a crash: http://thisdomainwillnotresolveandrekonqerrorpagewillbeshownwithfullurlembedded.twitter.com/"><script>alert(document.cookie)</script> However, if you enter this into a new tab on an existing instance of Rekonq then it will first try and resolve the hostname and then when that fails it will display an error message. The error message output by Rekonq includes the full URL, including the <script> tags. Since Rekonq see that the requested URL is part of *.twitter.com and since twitter.com sets wildcard domain'd cookies, the error page will be able to access any cookies that have been set. Note that this is not unique to twitter.com, cookies can be stole for any site that sets wildcard domain'd cookies. There are therefore 3 issues: 1) Crash on fresh instance 2) Injection of malicious content into error message 3) Access to cookies when the hostname under which the cookies have been set was not accessible I believe the root cause of 2 is: rekonq-mainline/src/webpage.cpp: msg += "<h2>" + i18nc("%1=an URL, e.g.'kde.org'", "When connecting to: %1", reply->url().toString()) + "</h2>"; Note that there is no sanitisation of reply->url().toString()! I haven't investigated the others in any depth but I will update the bug with a stack trace for 1 shortly.