The threat covers the Windows, Linux, and Mac operating systems, say internet security software companies.
The bug can be used to harvest on-line credit card and banking account information from users via an additional dialog box, which is invisible to the user.
Data input by the user into a genuine form can be transferred to the additional dialog box, and transferred to remote attackers to enable them to commit fraud.
Security firms issuing warnings about the threat include Symantec and Secunia. Users are being warned to stay clear of websites which they are not familiar with, to avoid the threat.
The bug is unusual in that it affects both major browsers on the market and the three main operating systems used by consumers and firms.