Firefox and Opera users have been warned of a flaw in the way the browsers handle an image file that could allow an attacker to see what websites they've visited.

The problem concerns how the two browsers handle a bitmap image file, according to an advisory written by Gynvael Coldwind of, who posted a video illustrating the problem.

A malicious bitmap file can be created that pulls other information from the browsers' memory. Some of the information that can be captured is random, but at other times could be valuable, the advisory said.

"The harvested data contains various information including parts of other websites, users' favourites and history and other information," said.

Using the 'canvas' HTML tag supported by the browsers, an attacker can capture the data. Then, using JavaScript, the information can be sent to a remote server.

The flaw could also crash Firefox. The vulnerability affects Firefox and previous versions of that browser as well as the beta version of Opera 9.50.

For more security news, reviews and tutorials, see Security Advisor