Mozilla updated Firefox to address a total of 14 vulnerabilities in the browser. Three of which are flagged critical. However, it failed to address one bug that the memory corruption flaw that enables attackers to put in codes in vulnerable machines just by making users visit a malicious site.

Here’s the list of vulnerabilities fixed in the patch:

Fixed in Firefox 2.0.0.2
MFSA 2007-07 Embedded nulls in location.hostname confuse same-domain checks
MFSA 2007-06 Mozilla Network Security Services (NSS) SSLv2 buffer overflow
MFSA 2007-05 XSS and local file access by opening blocked popups
MFSA 2007-04 Spoofing using custom cursor and CSS3 hotspot
MFSA 2007-03 Information disclosure through cache collisions
MFSA 2007-02 Improvements to help protect against Cross-Site Scripting attacks
MFSA 2007-01 Crashes with evidence of memory corruption (rv:1.8.0.10/1.8.1.2)

Fixed in Firefox 2.0.0.1
MFSA 2006-76 XSS using outer window’s Function object
MFSA 2006-75 RSS Feed-preview referrer leak
MFSA 2006-73 Mozilla SVG Processing Remote Code Execution
MFSA 2006-72 XSS by setting img.src to javascript: URI
MFSA 2006-71 LiveConnect crash finalizing JS objects
MFSA 2006-70 Privilege escalation using watch point
MFSA 2006-69 CSS cursor image buffer overflow (Windows only)
MFSA 2006-68 Crashes with evidence of memory corruption (rv:1.8.0.9/1.8.1.1)

For those with automatic updates, just wait until Firefox prompts you to restarts as it finishes downloading the patch from the background.

For everyone else, read the download details of Firefox 2.0.0.2 here.

Source: Mozilla