Firefox, for example, has a blocked plugins list that includes Java plugin 7 update earlier than 44 and Java Plugin 6 updates earlier than 45. Google Chrome introduced a similar blocklist in 2011.

Security vendor Rapid 7 has set up a site that will detect the version of Java that is running in the user’s browser and tell her whether it contains the newly discovered Java vulnerability. The ...

Bit9 sifted its own data on more than a million end points to assemble the report. It found that, among those end points with Java installed, more than 80 percent are currently running Java 6. That ...

Oracle, in making Java Platform, Standard Edition (SE) 7 the default runtime environment for Java this week, is emphasizing that older versions of Java be removed for security purposes.

Specifically, Java on the client is the problem. Oracle, which oversees Java, has stressed a need for users to upgrade to the latest version of Java to fend off security problems.

The latest versions of Java for Windows are Java 6 Update 31 and Java 7 Update 3. Mozilla is also considering adding a blocklist entry for the Java plug-in on OS X.

Any operating system running JRE 1.7 is affected, but the attack doesn’t work against JRE 1.6. That last one is the version that Mac users have installed (assuming they use Java at all).

Apple addressed the issue by releasing a removal tool specifically tailored for the malware, and also disabled the Java runtime in its Safari web browser starting with version 5.1.7.