Not sure if it helps, but I *think* the next bug on my list (the page that was going to be loaded next) was https://bugs.kde.org/show_bug.cgi?id=163736

I just ran into this bug again. This time it was when I opened a link in a mail from within kmail. More precisely:

1) Clicked on a link from mail A (https://bugzilla.novell.com/show_bug.cgi?id=433239) that opened in a new konqueror window
2) Went to another mail and clicked on a link in that mail (http://bugs.kde.org/show_bug.cgi?id=173160) and then kontact crashed with the backtrace below

Both mails were only opened in the "preview" pane (*no* double click on the mails to open them in a new window)

Application: Kontact (kontact), signal SIGSEGV

Thread 1 (Thread 0xb4b35720 (LWP 22080)):
[KCrash Handler]
#6  DOM::NodeImpl::positionForCoordinates (this=0x0, x=123, y=153) at /var/tmp/portage/kde-base/kdelibs-4.1.71/work/kdelibs-4.1.71/khtml/xml/dom_nodeimpl.h:362
#7  0xb6d7faa8 in KHTMLPart::khtmlMouseReleaseEvent (this=0x8377350, event=0xbf8af234) at /var/tmp/portage/kde-base/kdelibs-4.1.71/work/kdelibs-4.1.71/khtml/khtml_part.cpp:6704
#8  0xb6d4bcea in KHTMLPart::customEvent (this=0x8377350, event=0xbf8af234) at /var/tmp/portage/kde-base/kdelibs-4.1.71/work/kdelibs-4.1.71/khtml/khtml_part.cpp:6203
#9  0xb7fbdc0c in QObject::event (this=0x8377350, e=0xbf8af234) at kernel/qobject.cpp:1178
#10 0xb5741fab in QApplicationPrivate::notify_helper (this=0x8062128, receiver=0x8377350, e=0xbf8af234) at kernel/qapplication.cpp:3809
#11 0xb5748ae5 in QApplication::notify (this=0xbf8b01cc, receiver=0x8377350, e=0xbf8af234) at kernel/qapplication.cpp:3399
#12 0xb7a70f95 in KApplication::notify (this=0xbf8b01cc, receiver=0x8377350, event=0xbf8af234) at /var/tmp/portage/kde-base/kdelibs-4.1.71/work/kdelibs-4.1.71/kdeui/kernel/kapplication.cpp:307
#13 0xb7fadb21 in QCoreApplication::notifyInternal (this=0xbf8b01cc, receiver=0x8377350, event=0xbf8af234) at kernel/qcoreapplication.cpp:593
#14 0xb6d3bcdf in KHTMLView::mouseReleaseEvent (this=0x8369178, _mouse=0xbf8afa1c) at /usr/include/qt4/QtCore/qcoreapplication.h:215
#15 0xb579a5a2 in QWidget::event (this=0x8369178, event=0xbf8afa1c) at kernel/qwidget.cpp:7169
#16 0xb5ad5ff3 in QFrame::event (this=0x8369178, e=0xbf8afa1c) at widgets/qframe.cpp:657
#17 0xb6d3a8e5 in KHTMLView::widgetEvent (this=0x8369178, e=0xbf8afa1c) at /var/tmp/portage/kde-base/kdelibs-4.1.71/work/kdelibs-4.1.71/khtml/khtmlview.cpp:2381
#18 0xb6d3ab23 in KHTMLView::eventFilter (this=0x8369178, o=0x836ab48, e=0xbf8afa1c) at /var/tmp/portage/kde-base/kdelibs-4.1.71/work/kdelibs-4.1.71/khtml/khtmlview.cpp:2245
#19 0xb7fad5a1 in QCoreApplicationPrivate::sendThroughObjectEventFilters (this=0x8062128, receiver=0x836ab48, event=0xbf8afa1c) at kernel/qcoreapplication.cpp:700
#20 0xb5741f8e in QApplicationPrivate::notify_helper (this=0x8062128, receiver=0x836ab48, e=0xbf8afa1c) at kernel/qapplication.cpp:3805
#21 0xb5749438 in QApplication::notify (this=0xbf8b01cc, receiver=0x836ab48, e=0xbf8afa1c) at kernel/qapplication.cpp:3534
#22 0xb7a70f95 in KApplication::notify (this=0xbf8b01cc, receiver=0x836ab48, event=0xbf8afa1c) at /var/tmp/portage/kde-base/kdelibs-4.1.71/work/kdelibs-4.1.71/kdeui/kernel/kapplication.cpp:307
#23 0xb7fadb21 in QCoreApplication::notifyInternal (this=0xbf8b01cc, receiver=0x836ab48, event=0xbf8afa1c) at kernel/qcoreapplication.cpp:593
#24 0xb574a879 in QApplicationPrivate::sendMouseEvent (receiver=0x836ab48, event=0xbf8afa1c, alienWidget=0x836ab48, nativeWidget=0x831a980, buttonDown=0xb5f07c60, lastMouseReceiver=@0xb5f07c64)
    at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:218
#25 0xb57b29e7 in QETWidget::translateMouseEvent (this=0x831a980, event=0xbf8aff28) at kernel/qapplication_x11.cpp:4048
#26 0xb57b131e in QApplication::x11ProcessEvent (this=0xbf8b01cc, event=0xbf8aff28) at kernel/qapplication_x11.cpp:3044
#27 0xb57d796d in QEventDispatcherX11::processEvents (this=0x805f910, flags={i = -1081409592}) at kernel/qeventdispatcher_x11.cpp:134
#28 0xb7fac6b0 in QEventLoop::processEvents (this=0xbf8b0040, flags={i = -1081409528}) at kernel/qeventloop.cpp:149
#29 0xb7fac852 in QEventLoop::exec (this=0xbf8b0040, flags={i = -1081409464}) at kernel/qeventloop.cpp:200
#30 0xb7faec6f in QCoreApplication::exec () at kernel/qcoreapplication.cpp:851
#31 0xb5741d43 in QApplication::exec () at kernel/qapplication.cpp:3337
#32 0x0804c312 in main (argc=1, argv=0xbf8b03c4) at /var/tmp/portage/kde-base/kontact-4.1.71/work/kontact-4.1.71/kontact/src/main.cpp:218

Happened once again when clicking on a link in a mail opened in the preview pane in kmail. This time its a backtrace from KDE-4.2.4

[Thread debugging using libthread_db enabled]
[New Thread 0x7fe299a9e750 (LWP 9649)]
[KCrash handler]
#5  DOM::NodeImpl::renderer (this=0x0)
    at /var/tmp/portage/kde-base/kdelibs-4.2.4-r2/work/kdelibs-4.2.4/khtml/xml/dom_nodeimpl.h:365
#6  0x00007fe2991bccbe in DOM::NodeImpl::positionForCoordinates (this=0x0, 
    x=207, y=329)
    at /var/tmp/portage/kde-base/kdelibs-4.2.4-r2/work/kdelibs-4.2.4/khtml/xml/dom_nodeimpl.cpp:1208
#7  0x00007fe299169a57 in KHTMLPart::khtmlMouseReleaseEvent (this=0x115e060, 
    event=<value optimized out>)
    at /var/tmp/portage/kde-base/kdelibs-4.2.4-r2/work/kdelibs-4.2.4/khtml/khtml_part.cpp:6402
#8  0x00007fe293e1ce9d in QObject::event (this=0x115e060, e=0x7fffa1af0ec0)
    at kernel/qobject.cpp:1140
#9  0x00007fe29490734d in QApplicationPrivate::notify_helper (this=0x631e60, 
    receiver=0x115e060, e=0x7fffa1af0ec0) at kernel/qapplication.cpp:4057
#10 0x00007fe29490ff8e in QApplication::notify (this=0x7fffa1af3820, 
    receiver=0x115e060, e=0x7fffa1af0ec0) at kernel/qapplication.cpp:4022
#11 0x00007fe295c52e7d in KApplication::notify (this=0x7fffa1af3820, 
    receiver=0x115e060, event=0x7fffa1af0ec0)
    at /var/tmp/portage/kde-base/kdelibs-4.2.4-r2/work/kdelibs-4.2.4/kdeui/kernel/kapplication.cpp:307
#12 0x00007fe293e0c92b in QCoreApplication::notifyInternal (
    this=0x7fffa1af3820, receiver=0x115e060, event=0x7fffa1af0ec0)
    at kernel/qcoreapplication.cpp:606
#13 0x00007fe29915310e in KHTMLView::mouseReleaseEvent (this=0x11e1580, 
    _mouse=0x7fffa1af1a90)
    at /var/tmp/portage/kde-base/kdelibs-4.2.4-r2/work/kdelibs-4.2.4/khtml/khtmlview.cpp:1663
#14 0x00007fe29495a900 in QWidget::event (this=0x11e1580, 
    event=0x7fffa1af1a90) at kernel/qwidget.cpp:7521
#15 0x00007fe294cd7c8b in QFrame::event (this=0x11e1580, e=0x7fffa1af1a90)
    at widgets/qframe.cpp:559
#16 0x00007fe29915211a in KHTMLView::widgetEvent (this=0x11e1580, 
    e=0x7fffa1af1a90)
    at /var/tmp/portage/kde-base/kdelibs-4.2.4-r2/work/kdelibs-4.2.4/khtml/khtmlview.cpp:2402
#17 0x00007fe299155d3e in KHTMLView::eventFilter (this=0x11e1580, o=0x921cd0, 
    e=0x7fffa1af1a90)
    at /var/tmp/portage/kde-base/kdelibs-4.2.4-r2/work/kdelibs-4.2.4/khtml/khtmlview.cpp:2266
#18 0x00007fe293e0c3c7 in QCoreApplicationPrivate::sendThroughObjectEventFilters (this=<value optimized out>, receiver=0x921cd0, event=0x7fffa1af1a90)
    at kernel/qcoreapplication.cpp:726
#19 0x00007fe29490731c in QApplicationPrivate::notify_helper (this=0x631e60, 
    receiver=0x921cd0, e=0x7fffa1af1a90) at kernel/qapplication.cpp:4053
#20 0x00007fe2949107b4 in QApplication::notify (this=<value optimized out>, 
    receiver=0x921cd0, e=0x7fffa1af1a90) at kernel/qapplication.cpp:3759
#21 0x00007fe295c52e7d in KApplication::notify (this=0x7fffa1af3820, 
    receiver=0x921cd0, event=0x7fffa1af1a90)
    at /var/tmp/portage/kde-base/kdelibs-4.2.4-r2/work/kdelibs-4.2.4/kdeui/kernel/kapplication.cpp:307
#22 0x00007fe293e0c92b in QCoreApplication::notifyInternal (
    this=0x7fffa1af3820, receiver=0x921cd0, event=0x7fffa1af1a90)
    at kernel/qcoreapplication.cpp:606
#23 0x00007fe29490f912 in QApplicationPrivate::sendMouseEvent (
    receiver=0x921cd0, event=0x7fffa1af1a90, alienWidget=0x921cd0, 
    nativeWidget=0x11d93c0, buttonDown=<value optimized out>, 
    lastMouseReceiver=@0x7fe2952de050)
    at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:216
#24 0x00007fe29497126c in QETWidget::translateMouseEvent (this=0x11d93c0, 
    event=<value optimized out>) at kernel/qapplication_x11.cpp:4448
#25 0x00007fe29496fd45 in QApplication::x11ProcessEvent (this=0x7fffa1af3820, 
    event=0x7fffa1af3490) at kernel/qapplication_x11.cpp:3566
#26 0x00007fe2949959c4 in x11EventSourceDispatch (s=0x634530, callback=0, 
    user_data=0x0) at kernel/qguieventdispatcher_glib.cpp:146
#27 0x00007fe28f260614 in g_main_context_dispatch ()
   from /usr/lib/libglib-2.0.so.0
#28 0x00007fe28f2624d7 in g_main_context_iterate ()
   from /usr/lib/libglib-2.0.so.0
#29 0x00007fe28f2625bd in g_main_context_iteration ()
   from /usr/lib/libglib-2.0.so.0
#30 0x00007fe293e34aff in QEventDispatcherGlib::processEvents (this=0x6126f0, 
    flags=<value optimized out>) at kernel/qeventdispatcher_glib.cpp:324
#31 0x00007fe29499521f in QGuiEventDispatcherGlib::processEvents (this=0x0, 
    flags=<value optimized out>) at kernel/qguieventdispatcher_glib.cpp:202
#32 0x00007fe293e0b592 in QEventLoop::processEvents (
    this=<value optimized out>, flags={i = -1582352560})
    at kernel/qeventloop.cpp:149
#33 0x00007fe293e0b725 in QEventLoop::exec (this=0x7fffa1af3790, flags=
      {i = -1582352480}) at kernel/qeventloop.cpp:196
#34 0x00007fe293e103ee in QCoreApplication::exec ()
    at kernel/qcoreapplication.cpp:888
#35 0x00000000004040a9 in main (argc=1, argv=0x7fffa1af3d38)
    at /var/tmp/portage/kde-base/kontact-4.2.4/work/kontact-4.2.4/kontact/src/main.cpp:218

*** Bug 200954 has been marked as a duplicate of this bug. ***

From bug 216058:
---
What I was doing when the application crashed:
crashed on facebook, looking some pics.
just crashed suddenly, looking pics on a friend profile.

*** Bug 216058 has been marked as a duplicate of this bug. ***

From bug 221715:
---
What I was doing when the application crashed:
I was trying to open a page in the Opera browser from an e-mail I received.
Unfortunately, I was having no success -- instead, Kmail chose to crash.

-- Backtrace:
[KCrash Handler]
#5  DOM::NodeImpl::renderer (this=0x0, x=126, y=755) at
../../khtml/xml/dom_nodeimpl.h:367
#6  DOM::NodeImpl::positionForCoordinates (this=0x0, x=126, y=755) at
../../khtml/xml/dom_nodeimpl.cpp:1212
#7  0x00007faa50a20c68 in KHTMLPart::khtmlMouseReleaseEvent (this=0x2af90d0,
event=<value optimized out>) at ../../khtml/khtml_part.cpp:6453
#8  0x00007faa5479a715 in QObject::event (this=0x2af90d0, e=0x7fff5e4545e0) at
kernel/qobject.cpp:1141
...

*** Bug 221715 has been marked as a duplicate of this bug. ***

 Somehow we have a range selection with a null base....

*** Bug 221888 has been marked as a duplicate of this bug. ***

*** Bug 221135 has been marked as a duplicate of this bug. ***

Bug 223588 got another (sometimes) reproducible testcase:
What I was doing when the application crashed:
When I clicked several on the image (http://smu.edu/totw/totwmain.jpg) on the
website http://smu.edu/totw/ konqueror crashed.

Bug 223588 comment 1 has a complete KDE SC 4.5 backtrace.

*** Bug 223588 has been marked as a duplicate of this bug. ***

OK, so it sets an extent on a null one - so we have an empty 
selection/null base, and d->editor_context.m_beganSelectingText is true.


#9  0x08ad8648 in *__GI___assert_fail (assertion=0x71d559d "m_state == NONE",                                                
    file=0x71d562c "/home/maksim/kde42/src/kdelibs/khtml/xml/dom_selection.cpp", line=703,                                   
    function=0x71d56a0 "void DOM::Selection::validate(DOM::Selection::ETextGranularity)") at assert.c:81                     
#10 0x06e7185d in DOM::Selection::validate (this=0xbfae8078, granularity=DOM::Selection::CHARACTER)                          
    at /home/maksim/kde42/src/kdelibs/khtml/xml/dom_selection.cpp:703                                                        
#11 0x06e71a89 in DOM::Selection::setExtent (this=0xbfae8078, pos=...) at /home/maksim/kde42/src/kdelibs/khtml/xml/dom_selection.cpp:375
#12 0x06dbfd1f in KHTMLPart::extendSelectionTo (this=0xdc456d8, x=65, y=138, innerNode=...)                                             
    at /home/maksim/kde42/src/kdelibs/khtml/khtml_part.cpp:6253                                                                         
#13 0x06dbfeca in KHTMLPart::handleMouseMoveEventSelection (this=0xdc456d8, event=0xbfae86a8)                                           
    at /home/maksim/kde42/src/kdelibs/khtml/khtml_part.cpp:6410                                                                         
#14 0x06dc6bbc in KHTMLPart::khtmlMouseMoveEvent (this=0xdc456d8, event=0xbfae86a8)                                                     
    at /home/maksim/kde42/src/kdelibs/khtml/khtml_part.cpp:6422                                                                         
#15 0x06db54eb in KHTMLPart::customEvent (this=0xdc456d8, event=0xbfae86a8) at /home/maksim/kde42/src/kdelibs/khtml/khtml_part.cpp:5966 
#16 0x00cea323 in QObject::event (this=0xdc456d8, e=0xbfae86a8) at kernel/qobject.cpp:1291

SVN commit 1079105 by orlovich:

Make selection normalization more robust, so we don't 
blow up an crash extending from an empty base.
(Important, since potentially repsonsible for some kmail 
 crashes => will backport for 4.4)

BUG: 168849


 M  +13 -6     dom_selection.cpp  


WebSVN link: http://websvn.kde.org/?view=rev&revision=1079105

SVN commit 1079106 by orlovich:

automatically merged revision 1079105:
Make selection normalization more robust, so we don't 
blow up an crash extending from an empty base.
(Important, since potentially repsonsible for some kmail 
 crashes => will backport for 4.4)

BUG: 168849

 M  +13 -6     dom_selection.cpp  


WebSVN link: http://websvn.kde.org/?view=rev&revision=1079106

*** Bug 227754 has been marked as a duplicate of this bug. ***

*** Bug 175601 has been marked as a duplicate of this bug. ***

*** Bug 228013 has been marked as a duplicate of this bug. ***

*** Bug 230284 has been marked as a duplicate of this bug. ***