Warning: disable Java plugin!

[Moonchild]

Even with oracle release java 7 update 11, it is best to completely disable the plugin in the browser and only enable it when you visit a site where you absolutely need it. You can disable and enable plugins from the Add-On manager on-the-fly (no restart required) so there is no reason to run a risk.

Oracle has issued an emergency fix for its cross-platform Java software. Java 7 update 11 for Windows, Mac and Linux, and Java 7 Update 11 64-bit for 64-bit versions of Windows and Linux, aims to plug a number of alarming security holes that were being used for phishing attacks and other crimeware.

While update 11 should be considered an essential update for all Java users, researchers have warned that the new build is little more than a sticking plaster for the problem, and recommend users actually disable Java from running inside web browsers.

Sources:
http://www.softwarecrew.com/2013/01/java-7-update-11-acts-as-sticking-plaster-for-recent-security-concerns/
http://www.us-cert.gov/cas/techalerts/TA13-010A.html
https://community.rapid7.com/community/metasploit/blog/2013/01/11/omg-java-everybody-panic
http://www.security-explorations.com/en/SE-2012-01-press.html

[Moonchild]

To prove a point: update 11 was already considered vulnerable less than 24 hours after the patch was out, and is actively being used by internet criminals.

So, once more: disable java in your browser! Are you reading this? Then do it right now! Hit Ctrl+Shift+A for Add-ons, tab Plugins on the left side, and in the list, click "Disable" on the "Java (tm) Platform SE" plugin.

http://krebsonsecurity.com/2013/01/new-java-exploit-fetches-5000-per-buyer/

[Moonchild]

The Java plugin Update 11 has now been soft-blocked in Pale Moon 15.4 - You can still continue using it and enable it if desired, but for your safety, the default is to disable the plugin in the browser.