Mozilla Release Updates
Written by Editor on December 17, 2008
Mozilla have released Firefox 2.0.0.19 and 3.0.5, Thunderbird 2.0.0.19, and SeaMonkey 1.1.14 to address a number of security vulnerabilities.
The new releases include fixes for ten issues across the Mozilla product range. Four of the issues are rated Critical, one is rated High risk, two are rated Moderate risk, and the remaining three are rated Low risk.
First up is MFSA 2008-69, a same-origin bypass vulnerability in the session-restore feature. An attacker can exploit this to perform cross-site scripting attacks. This issue only affects Firefox and is rated Critical.
The second issue is MFSA 2008-68, a same-origin bypass vulnerability that affects XBL bindings. An attacker can exploit this issue to execute arbitrary JavaScript in the context of another website. This issue affects Firefox, Thunderbird, and SeaMonkey, and is rated Critical by the Mozilla Foundation.
MFSA 2008-62 is a privilege-escalation vulnerability in the feed preview that allows JavaScript execution with chrome privileges. This issue affects Firefox and is rated Critical.
The last of the Critical issues is MFSA 2008-60, which covers multiple memory-corruption vulnerabilities affecting the browser engine in Firefox, Thunderbird, and SeaMonkey. These issues can be exploited to execute arbitrary code or trigger crashes in the context of the affected application.
On to the High risk issue: MFSA 2008-65 is a cross-domain information-disclosure vulnerability that occurs when a same-domain JavaScript URL redirects to an off-domain target resource containing data which is not parsable as JavaScript. This issue affects Firefox, Thunderbird, and SeaMonkey.
Now on to the Moderate risk issues. MFSA 2008-64 is a cross-domain information-disclosure vulnerability that occurs when an 'XMLHttpRequest' is made to a same-origin resource which returns a 302 redirect to a resource in a different domain. This issue affects Firefox, Thunderbird, and SeaMonkey.
The second of the two Moderate risk issues is MFSA 2008-61, a same-origin bypass vulnerability that affects Mozilla's XBL bindings. An attacker can exploit this issue to read data from other domains. This issue affects Firefox, Thunderbird, and SeaMonkey.
The remaining issues addressed in these releases are Low risk. The first is MFSA 2008-67, a security weakness in the parser that could potentially result in a bypass of script sanitization routines in web applications. This issue affects Firefox, Thunderbird, and SeaMonkey.
The second of the Low risk issues is MFSA 2008-66, which covers a security issue in the parser that arises when it handles certain control characters at the beginning of a URL. This issue affects Firefox, Thunderbird, and SeaMonkey.
The final issue of the day is MFSA 2008-63, a security vulnerability that occurs because the persist attribute in XUL elements can be abused to store cookie-like information on a victim's computer. This issue only affects Firefox.
As usual, it is recommended that you get your software updated. Most of the Mozilla products will attempt to update themselves if the update functionality has not been disabled. If you have disabled it, then it is recommended that you update as soon as possible. Firefox 2.0.0.19 should be the last Firefox release from the 2.0 code base, as it is supposed to be retired at the end of the year.
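For anyone tracking several machines, the following added example (not part of the original post or any Mozilla tooling) checks a software inventory against the fixed releases named above. The host names and inventory rows are constructed sample data, and the function names are hypothetical.

```python
# Fixed releases named in the post, keyed by product and release branch.
FIXED = {
    "firefox": {(2, 0): (2, 0, 0, 19), (3, 0): (3, 0, 5)},
    "thunderbird": {(2, 0): (2, 0, 0, 19)},
    "seamonkey": {(1, 1): (1, 1, 14)},
}

def parse_version(text):
    """Turn '2.0.0.18' into (2, 0, 0, 18); raises ValueError on non-numeric parts."""
    return tuple(int(part) for part in text.strip().split("."))

def check(product, version):
    """Return 'patched', 'vulnerable', or 'unlisted' for one installation.

    'unlisted' means the post names no fixed release for that product or
    branch, or the version string could not be parsed (e.g. a pre-release tag).
    """
    branches = FIXED.get(product.strip().lower())
    if branches is None:
        return "unlisted"
    try:
        found = parse_version(version)
    except ValueError:
        return "unlisted"
    fixed = branches.get(found[:2])
    if fixed is None:
        return "unlisted"
    # Pad with zeros so '3.0' compares as 3.0.0 against 3.0.5.
    width = max(len(found), len(fixed))
    found += (0,) * (width - len(found))
    fixed += (0,) * (width - len(fixed))
    return "patched" if found >= fixed else "vulnerable"

def audit(inventory):
    """Return the rows that still need attention, with their status appended."""
    flagged = []
    for host, product, version in inventory:
        status = check(product, version)
        if status != "patched":
            flagged.append((host, product, version, status))
    return flagged

# Constructed sample inventory: (host, product, installed version).
SAMPLE_INVENTORY = [
    ("desk-01", "Firefox", "3.0.4"),
    ("desk-02", "Firefox", "3.0.5"),
    ("desk-03", "Firefox", "2.0.0.18"),
    ("mail-01", "Thunderbird", "2.0.0.19"),
    ("lab-07", "SeaMonkey", "1.1.13"),
    ("lab-08", "Firefox", "3.1"),
]

if __name__ == "__main__":
    for row in audit(SAMPLE_INVENTORY):
        print("%-8s %-12s %-10s %s" % row)
```

Rows reported as "unlisted" need a manual look, since the post gives no fixed version to compare them against.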
