Firefox 2.0.0.4 and 1.5.0.12 were released yesterday, fixing six security vulnerabilities. While not confirmed, the most significant of these could potentially allow arbitrary code execution:

MFSA-2007-17 Parts of the browser chrome could be spoofed or hidden
MFSA-2007-16 Script injection (High impact)
MFSA-2007-14 Two issues with cookie handling
MFSA-2007-13 Denial of service against 'form autocomplete'
MFSA-2007-12 Crash with potential memory corruption (High impact - two CVEs)