Protect from Security Vulnerability in Java


How do I protect myself from the security vulnerability in Java that affects any browser using the Java plugin? This vulnerability can be exploited to execute malicious software and is being actively used in attacks. The malicious exploit code is also available in common exploit kits.

So I am now just using Firefox as my browser, since it has the Click to Play feature that ensures the Java plugin will not load unless a user specifically clicks to enable the plugin. This protects users against drive-by exploitation, one of the most common exploit techniques used to compromise vulnerable users. Click to Play also allows users to enable the Java plugin on a per-site basis if they absolutely need the Java plugin for the site.

Since no patch is currently available, it is recommended that you disable Java in your browser. I want to keep Java enabled, so I am using Firefox with Click to Play. Mozilla has enabled Click to Play for Firefox users for recent versions of Java on all platforms (Java 7u9, 7u10, 6u37, 6u38). Firefox users with older versions of Java are already protected by existing plugin blocking or Click to Play defenses.

As a side note, you can force all plugins to be Click to Play by using the Click to Play plugin: go to about:config and change the preference plugins.click_to_play to true.
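
To confirm that setting on disk rather than through about:config, the sketch below reads plugins.click_to_play from a profile's prefs.js and user.js contents. It is an added example, not part of the original post; it assumes the standard Firefox `user_pref("name", value);` line format, and the sample file contents are constructed.

```python
import re

PREF = "plugins.click_to_play"  # preference name taken from the article

# One line of a Firefox prefs.js / user.js file: user_pref("name", value);
# Lines starting with // do not match, so commented-out prefs are ignored.
_PREF_LINE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;')


def parse_prefs(text):
    """Return {name: raw_value}; a later line overrides an earlier one."""
    prefs = {}
    for line in text.splitlines():
        m = _PREF_LINE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2)
    return prefs


def click_to_play_forced(prefs_js, user_js=""):
    """True only if the effective value is the boolean literal true.

    user.js is applied on top of prefs.js at startup, so it wins.
    A missing pref, false, or the quoted string "true" all count as not forced.
    """
    effective = parse_prefs(prefs_js)
    effective.update(parse_prefs(user_js))
    return effective.get(PREF) == "true"


# Constructed sample profile contents (not taken from a real profile).
SAMPLE_PREFS_JS = '''\
// Mozilla User Preferences
user_pref("browser.startup.homepage", "about:blank");
user_pref("plugins.click_to_play", false);
'''
SAMPLE_USER_JS = '''\
// user_pref("plugins.click_to_play", false);
user_pref("plugins.click_to_play", true);
'''

if __name__ == "__main__":
    print("prefs.js only:", click_to_play_forced(SAMPLE_PREFS_JS))
    print("with user.js :", click_to_play_forced(SAMPLE_PREFS_JS, SAMPLE_USER_JS))
```

To audit a real profile, pass the text of its prefs.js and, if present, user.js to `click_to_play_forced`.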

From the Click to Play UI (the drop-down or by clicking the blue-block icon in the address bar) you can block or allow plugins for the site you’re on.

There is currently no way to block or allow specific plugins on specific sites; that is, you can’t block Java but allow Flash. Right now it’s all or nothing on a per-site basis. You can permanently disable any plugin for all sites from the Add-on manager dialog, but then you can’t use Click to Play to enable it.
