An unpatched vulnerability in the current version of Java has "gone mainstream," prompting Mozilla to direct Firefox users to switch the plugin off entirely. The zero-day exploit could currently affect users running Java 1.7 on any Windows browser, and Websense reports that it's now included in Blackhole, the "most prevalent exploit kit out there."

While Oracle is yet to issue a patch for the exploit, IDG says that it was among several security issues reported to the company back in April that have been left untouched until the planned October Critical Patch Update. Mozilla is preparing its own solution which will disable Java by default, but hasn't announced how this will be implemented. In the meantime, the company is giving users instructions on how to disable Java, and anyone using other browsers may well wish to do the same.