|It's actually only part of the Java installation that's vulnerable. If you look in Firefox's list of plugins there should be two Java plugins. The vulnerable one is the|
Java Deployment Toolkit.
You don't need this and it can be safely removed without affecting the Java Platform plugin which you do need to run web-based Java games & apps.
I followed this guide to remove the Java Deployment Toolkit plugin from firefox:
Or you can just leave it as it is, disabled.
One thing I should mention though. Next time you upate Java, that plugin will be injected in to Firefox again, and if it's still suspect, Firefox will again disable it.
So if you can't abide it being there, save the above link for future reference.
I wish Oracle would fix the vulnerability to save us all the time & trouble of removing it after every Java update. Or give us a "custom install" option so we don't have to install it in the first place.
message edited by phil22