The vulnerability could allow third parties to write information on other people's websites, and could be exploited to create spoofed log-in pages.
"A seven year-old vulnerability has been reintroduced into Mozilla and Firefox which can be exploited by malicious people to spoof the contents of websites," Secunia warned.
"The vulnerability has been confirmed in Firefox 1.0.4 and Mozilla 1.7.8. Other versions may also be affected."
The flaw makes it technically possible for phishers to harvest details from a banking or e-commerce website, but the user would require both the legitimate and hacked websites open simultaneously for it to work.
Secunia has designed an online test to determine whether a browser is vulnerable to the flaw.
Some parts of Atacama have not received rainfall for 500 years - but a sudden deluge of water upset the Desert's delicate biological balance
Spitzer Space Telescope could not spot Oumuamua, suggesting that it is actually pretty small
Greenland crater one of the 25 largest impact craters on Earth
This long-sought progenitor star was identified in an image captured by Hubble in 2007