Two security flaws have been found in Mozilla 's open source web browser Firefox , according to security company Securiteam . Firefox is normally considered to be the safer alternative to Internet Explorer .
The first security flaw is embedded into Firefox's built-in popup blocker. Firefox doesn't normally allow websites to access local files on a computer, but if a user has manually allowed popup windows, the URL permission is superceded. If a user clicks on a malicious link, a target file could be installed on the computer without their knowledge.
This could result in a hacker gaining access to local files on a computer, enabling them to steal sensitive information such as usernames, password and financial details. The flaw only affects Firefox versions older than 2.0, Securiteam states.
The second security flaw concerns the built-in phishing filter in Firefox. According to Securiteam, this function can be overridden by adding specific characters to the URL address of a website. The filter will then be tricked into flagging up fraudulent websites as legitimate. The flaw can be found in Firefox 2.0, as well as previous versions.
Mozilla has yet to comment on these security flaws.