Security Fixes Out for Firefox

Written by Editor
Friday, 23 February 2007 23:36

Today sees the release of Firefox 2.0.0.2. This release fixes seven security problems, including the 'location.hostname' bug discovered last week, along with a few other nasties. The release addresses the following advisories: MFSA-2007-01, MFSA-2007-02, MFSA-2007-03, MFSA-2007-04, MFSA-2007-05, MFSA-2007-06 and MFSA-2007-07.

MFSA-2007-01 is considered a critical bug and relates to potential overflows within the layout engine of Firefox and other Mozilla software, including Thunderbird and SeaMonkey. The issues covered by MFSA-2007-01 are detailed in CVE-2007-0775, CVE-2007-0776 and CVE-2007-0777.

MFSA-2007-02 relates to improvements made to Firefox to prevent cross-site scripting attacks and is considered low risk. This fix addresses four different vectors used for cross-site scripting attacks. MFSA-2007-03 addresses an issue of information disclosure through collisions in the disk cache; this issue has been rated moderate risk. MFSA-2007-04 addresses a problem where some browser UI elements can be spoofed using a custom cursor and adjusting the CSS3 hotspot property. This issue has been rated low risk.

MFSA-2007-05 is a moderate-risk issue relating to a cross-site scripting attack and local file access by abusing the popup blocking engine within Firefox. MFSA-2007-06 addresses a moderate-risk vulnerability in the Mozilla Network Security Services engine, within the handling of SSLv2. This issue affects Thunderbird as well as Firefox.

Finally comes MFSA-2007-07, the high-risk issue discovered last week by Michal Zalewski, as we previously covered here.

As many of these issues affect Firefox 1.5.0.x and SeaMonkey, there have been new releases of those too, along with a new release of Thunderbird which contains fixes for MFSA-2007-01 and MFSA-2007-06.













