In a fairly rare event, two flaws have been simultaneously discovered that affect the two most popular browsers in the world in similar fashions. Internet Explorer version 6 and possibly 7 is affected by one flaw, and Firefox 1.5/2.0 is affected by another. Both of the vulnerabilities are based in the browsers ability to upload files to a remote location and could end up resulting in sensitive data being stolen
. It is a long shot, though, requiring someone to visit a malicious site and can't it can't just pull arbitrary files out of anywhere. It can, however, be used to steal encrypted password files or other well-known files.
There are two demonstrations linked, one for IE and one for Firefox, that shows how the vulnerability works. Now it will be interesting to see who gets a patch out the door first, Microsoft