Firefox 2.0.0.2/1.5.10, Thunderbird 1.5.0.10, SeaMonkey 1.0.8 Updates
Mozilla updates all around! You can of course get them at the usual location. The fixed security issues are listed here. You can of course read them yourself, but the overviews are:
Firefox 2.0.0.2 - 1 Critical, 1 High, 3 Moderate, 2 Low (Vs. 5 Critical, 2 High, 1 Low for last update).
Firefox 1.0.5.10 - 2 Critical, 1 High, 2 Moderate, 2 Low (Vs. 5 Critical, 1 High for last update).
Thunderbird 1.5.0.10 - 1 Critical, 1 Moderate (Vs. 6 Critical, 1 High for last update).
SeaMonkey 1.0.8 - 2 Critical, 1 High, 2 Moderate, 2 Low (Vs. 6 Critical, 1 High for last update).
The only one I will elaborate on is the one critical vulnerability which cuts across all of them for this release: flaws found in Mozilla Network Security Services (NSS), specifically related to SSLv2. iDefense released a pair of advisories (1, 2) related to this component (an integer overflow and an underflow :)), one of which allows a client to exploit a server and the other of which allows the server to exploit the client.

If you're familiar with your worm terminology, you know that this is the makings of a contagion worm, whereby as vulnerable clients browse to vulnerable servers, one exploits the other "on contact", thus spreading to more and more servers and clients. Of course worms as uncontrolled beasts are out of fashion nowadays, but bots can use this same mechanism in a more controlled fashion. I don't think it will really happen on a large scale due to the smaller population (especially of servers using NSS) and the auto-update mechanisms included in FF, but since FF has enough market share to be a target for attacks in the wild, it's still interesting to think about.
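To put rough numbers on that argument, here is an added example (not part of the original post): a deterministic risk model of contact-based spread between a client population and a server population, showing how the vulnerable share on each side and the update rate limit the outcome. Every parameter value is a constructed assumption, not a measurement of real Firefox or NSS deployments.

```python
from dataclasses import dataclass

@dataclass
class Params:
    vuln_clients: float               # fraction of all clients still vulnerable
    vuln_servers: float               # fraction of all servers still vulnerable
    visits: int = 5                   # servers each client contacts per step
    clients_per_server: float = 100.0
    patch_clients: float = 0.0        # share of susceptible clients updated per step
    patch_servers: float = 0.0
    seed_servers: float = 1e-4        # servers compromised at the start
    steps: int = 60

def simulate(p: Params) -> tuple[float, float]:
    """Return (compromised clients, compromised servers) as population fractions."""
    inf_s = min(p.seed_servers, p.vuln_servers)
    sus_s = p.vuln_servers - inf_s
    sus_c, inf_c = p.vuln_clients, 0.0
    inbound = p.visits * p.clients_per_server   # connections a server sees per step
    for _ in range(p.steps):
        # Updates remove hosts from the susceptible pools before any contact.
        sus_c *= 1.0 - p.patch_clients
        sus_s *= 1.0 - p.patch_servers
        # A client is hit if any server it visits is compromised; a server is
        # hit if any inbound connection comes from a compromised client.
        hit_c = 1.0 - (1.0 - inf_s) ** p.visits
        hit_s = 1.0 - (1.0 - inf_c) ** inbound
        new_c, new_s = sus_c * hit_c, sus_s * hit_s
        sus_c, inf_c = sus_c - new_c, inf_c + new_c
        sus_s, inf_s = sus_s - new_s, inf_s + new_s
    return inf_c, inf_s

if __name__ == "__main__":
    # Constructed scenarios: a widely deployed library, a niche server
    # population, and the niche case with client auto-update.
    scenarios = {
        "widespread, no updates": Params(0.3, 0.3),
        "few vulnerable servers": Params(0.1, 0.001),
        "few servers + auto-update": Params(0.1, 0.001, patch_clients=0.3),
    }
    for name, params in scenarios.items():
        clients, servers = simulate(params)
        print(f"{name:28s} clients={clients:.4%} servers={servers:.4%}")
```

In this model the compromised server fraction caps the per-visit risk for clients, so a small vulnerable server population and fast client updates both keep the final client figure low.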
