The June 2012 update to the Java Development Kit (JDK) and Java Runtime Environment (JRE) included a patch to correct a critical vulnerability that can permit the loading of arbitrary code on an end-user’s computer.
This vulnerability—present in the older versions of the JDK and JRE—is actively being exploited, and is a potential risk to users. To mitigate this risk, we have added affected versions of the Java plugin (Version 6 Update 32 and below as well as Version 7 Update 4 and below) to Firefox’s blocklist.
Mozilla strongly encourages anyone who requires the Java JDK and JRE to update to the current version as soon as possible on all platforms.
Affected versions of the Java plugin will be disabled unless a user makes an explicit choice to keep it enabled at the time they are notified of the block being applied. If the block is accidentally accepted, the plugin can be enabled again in the Add-ons Manager, in the Plugins pane.
Updated versions of the JRE for Windows and Linux operating systems are available through java.com. Mac OS X users can update to the latest version using the Software Update utility.