The vulnerability could allow third parties to write information on other people's websites, and could be exploited to create spoofed log-in pages.
"A seven year-old vulnerability has been reintroduced into Mozilla and Firefox which can be exploited by malicious people to spoof the contents of websites," Secunia warned.
"The vulnerability has been confirmed in Firefox 1.0.4 and Mozilla 1.7.8. Other versions may also be affected."
The flaw makes it technically possible for phishers to harvest details from a banking or e-commerce website, but the user would require both the legitimate and hacked websites open simultaneously for it to work.
Secunia has designed an online test to determine whether a browser is vulnerable to the flaw.
Traditional theories debunked by new study
Scientists closer to developing material capable of splitting water for better storage of solar energy
Experiments needed to see if the material works in the real world
Developers first in the queue to test TensorRT and TensorFlow integration tools running on Nvidia GPUs
Wikileaks Vault 7 suspect Joshua Schulte fingered by FBI after re-using smartphone passwords on his PCs
Joshua Schulte indicted on 13 counts relating to Vault 7 leaks and trading in images of child abuse