Jata 7 Update 7 is vulnerable to a critical security bug that could lead attackers to compromise the user’s system through the Java plugin. The vulnerability is currently being exploited, and is a serious risk to users. To mitigate this risk, we have added Java 7 Update 7 to the add-on blocklist. Update 6 and below had been blocklisted already due to other vulnerabilities.
Mozilla strongly encourages anyone who requires the Java JDK and JRE to update to the current version as soon as possible on all platforms.
Affected versions of the Java plugin will be disabled unless a user makes an explicit choice to keep it enabled at the time they are notified of the block being applied. If the block is accidentally accepted, the plugin can be enabled again in the Add-ons Manager, in the Plugins pane.
Updated versions of the JRE are available on java.com.