In a posting to the Full Disclosure mailing list, security researcher Michal Zalewski outlined two vulnerabilities in each of the popular browsers.
The vulnerabilities could allow attackers to overwrite the URL bar, or steal user data and remotely download and execute code.
A Microsoft spokesperson told vnunet.com that that the company is investigating two reported Internet Explorer vulnerabilities, but declined to acknowledge that they were uncovered by Zalewski.
The most serious of the Internet Explorer flaws could allow an attacker to steal cookie files, inject malicious code into web pages and steal sensitive information for IE6 and IE7, according to Zalewski.
The second vulnerability only affects IE 6 and is said to pose less of a risk. The flaw could allow an attacker to spoof Internet Explorer's URL bar, possibly allowing an attacker to disguise phishing or scam sites as a trusted website.
This vulnerability was confirmed to be a variant of a previously reported flaw on Mozilla's Bugzilla reporting service.
The second reported vulnerability uses flaws in the way Firefox handles confirmation dialog boxes.
Zalewski claimed that the vulnerability could allow an attacker to download and execute software without the user's knowledge.
The Bugzilla page for the second reported vulnerability is currently closed to unauthorised users.
Wikileaks Vault 7 suspect Joshua Schulte fingered by FBI after re-using smartphone passwords on his PCs
Joshua Schulte indicted on 13 counts relating to Vault 7 leaks and trading in images of child abuse
Alexa for Hospitality will link with existing systems so guests can order room service and control the air con
Massive volcanic eruptions could have warmed Mars' surface sufficiently for oceans to form
Examination of fruit flies' brains generated more than one billion data points for scientists to analyse