Both flaws were announced by SecuriTeam, a division of Beyond Security, this week.
The browser typically does not allow Web sites to access files that are stored locally, according to the official report, but this URL permission check is superseded when a Firefox user has turned off pop-up windows manually.
The second flaw, announced by SecuriTeam on Wednesday, concerns Firefox's phishing protection feature. With this vulnerability, an adept phisher could fool the browser into believing that a fraudulent site is actually secure by adding particular characters into the URL of its Web site.
[edited by: encyclo at 11:47 pm (utc) on Feb. 8, 2007] [edit reason] fixed link [/edit]