Firefox 2.0.0.2 Released

Firefox version 2.0.0.2 was released today; the download is available here.

Fixed in Firefox 2.0.0.2
MFSA 2007-07 Embedded nulls in location.hostname confuse same-domain checks
MFSA 2007-06 Mozilla Network Security Services (NSS) SSLv2 buffer overflow
MFSA 2007-05 XSS and local file access by opening blocked popups
MFSA 2007-04 Spoofing using custom cursor and CSS3 hotspot
MFSA 2007-03 Information disclosure through cache collisions
MFSA 2007-02 Improvements to help protect against Cross-Site Scripting attacks
MFSA 2007-01 Crashes with evidence of memory corruption (rv:1.8.0.10/1.8.1.2)
Source: Fixes

Windows & Windows Vista
Clicking links in some applications (e.g. some instant messaging programs) might not open them in Firefox, even if you have set it as your default browser. To work around this problem, go to Start -> Default Programs -> Set default programs for this computer, expand custom, select the radio button next to the app you want to set as the system-wide default app (e.g. Firefox, etc.), and apply.
Using the context menu (right-clicking on the Firefox icon) to start in Safe Mode doesn’t work. As a workaround, use the “Mozilla Firefox (Safe Mode)” menu item that appears in the Start Menu instead.
A Windows Media Player (WMP) plugin is not provided with Windows Vista. As a workaround, in order to view Windows Media content, you can follow these instructions. Note that after installing you may have to get a security update and apply it before you can see the content in the browser.
Vista Parental Controls are not completely honored. In particular, file downloads do not honor Vista’s parental control settings. This will be addressed in an upcoming Firefox release.
When migrating from Internet Explorer 7 to Firefox, cookies and saved form history are not imported.
Source: Firefox Release Notes

In total they patched 14 vulnerabilities, but one of the two that were not patched was a serious vulnerability that could allow hackers to inject code remotely just by getting visitors to their malicious webpage, and could lead to a compromise of the system. The memory corruption flaw is detailed here: memory corruption when onUnload is mixed with document.write()s. US-CERT recommends you disable JavaScript until the flaw is patched.

Here is the current activity listed by US-CERT after the break.