According to Secunia, the latest versions of Internet Explorer, Internet Explorer for Mac, Safari, iCab, Mozilla, Mozilla Firefox and Camino are all vulnerable. Opera 7 and 8 are affected, but not 8.01, according to Opera.
Microsoft has said it is investigating Secunia's claims. It encouraged surfers not to trust pop-up windows that don't include an address bar or a lock icon that verifies that it came from a certified source.
Mozilla Firefox developers have already been making moves to combat this kind of phishing attack. Back in April, a patch was developed that allows people to block Java and Flash-based pop-ups unless they came from trusted sites. Mozilla wasn't immediately available to comment on Secunia's claims.
Opera confirmed Wednesday that its latest browser, 8.01, would display the pop-up's origin, letting a user inspect its URL to see if it came from a trusted site.
"Once these things are discovered, there's a rush as everyone tries to fix the problem," Christen Krogh, Opera's vice president of engineering, told ZDNet UK.
Krogh also pointed out that Secunia had rated the vulnerability as "less critical."
"This could fool some users into giving out some data to a site that wouldn't otherwise be able to get that information. But it doesn't seem like the most important issue," Krogh said.
Graeme Wearden of ZDNet UK reported from London.