A flaw in the way the Firefox and Opera browsers handle an image file could allow an attacker to see what web sites a person has visited.
A malicious bitmap file can be created that pulls other information from the browsers' memory. Some of the information that can be captured is random, but at other times could be valuable, the advisory said.
"The harvested data contains various information including parts of other Web sites, users' favorites and history and other information," Vexillium.org said.
The flaw could also crash Firefox. The vulnerability affects Firefox 126.96.36.199 and previous versions of that browser as well as the beta version of Opera 9.50.