In a posting to the Full Disclosure mailing list, security researcher Michal Zalewski outlined two vulnerabilities in each of the popular browsers.
The vulnerabilities could allow attackers to overwrite the URL bar, or steal user data and remotely download and execute code.
A Microsoft spokesperson told vnunet.com that that the company is investigating two reported Internet Explorer vulnerabilities, but declined to acknowledge that they were uncovered by Zalewski.
The most serious of the Internet Explorer flaws could allow an attacker to steal cookie files, inject malicious code into web pages and steal sensitive information for IE6 and IE7, according to Zalewski.
The second vulnerability only affects IE 6 and is said to pose less of a risk. The flaw could allow an attacker to spoof Internet Explorer's URL bar, possibly allowing an attacker to disguise phishing or scam sites as a trusted website.
This vulnerability was confirmed to be a variant of a previously reported flaw on Mozilla's Bugzilla reporting service.
The second reported vulnerability uses flaws in the way Firefox handles confirmation dialog boxes.
Zalewski claimed that the vulnerability could allow an attacker to download and execute software without the user's knowledge.
The Bugzilla page for the second reported vulnerability is currently closed to unauthorised users.
Atmospheric iodine works as a significant sink of tropospheric ozone, nullifying the harmful pollutant
A temperature rise of just 1.8° C would melt major ice sheets
The new framework could enable supercomputers that reach exascale levels
Danish Ministry of Higher Education and Science offers £1.3 million to reveal secrets of the universe
The grant will be used to upgrade particle detectors at CERN