HOW TO: Disable Java in your web browser
For Andrea: News coverage of the recently discovered (and now possibly in the wild) QuickTime exploit is here.
"The vulnerability is in QuickTime, but any Java-enabled browser can be an exploit vector. No exclusions," said Forslof. TippingPoint confirmed this morning that IE 7 running on Vista — the browser that Microsoft touts as its most secure — could be a route to a PC hijack.
A successful exploit would require that the user be tricked into visiting a Web site containing malicious Java code. That kind of attack is commonplace, with links typically delivered via spammed e-mail. Until Apple patches QuickTime, the only sure defense, said Forslof, is to disable Java in the browser.
There’s a good rundown on how to disable Java in many common browsers here; however, Firefox is not covered. From within Firefox, go to Tools -> Options -> Content. Deselect the "Enable Java" checkbox (see screenshot) and click "OK." Done :)
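To confirm the checkbox change actually stuck in a profile, the following added example (not part of the original post) reads a profile's prefs.js and user.js text and reports whether Java is still enabled. It assumes the "Enable Java" checkbox is stored as the boolean preference `security.enable_java` and that a missing entry means the default of enabled; the sample file contents are constructed.

```python
import re

# Assumption: the "Enable Java" checkbox is backed by this boolean preference,
# and a profile with no entry for it is using the default (Java enabled).
JAVA_PREF = "security.enable_java"

# Matches lines of the form: user_pref("name", value);
PREF_LINE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;')


def parse_prefs(text):
    """Return {name: raw_value} for every user_pref(...) line in a prefs file."""
    prefs = {}
    for line in text.splitlines():
        match = PREF_LINE.match(line)
        if match:
            # A later line for the same preference overrides an earlier one.
            prefs[match.group(1)] = match.group(2)
    return prefs


def java_enabled(prefs_js, user_js=""):
    """True if Java is still enabled for the profile, False if it is disabled."""
    merged = parse_prefs(prefs_js)
    # user.js is applied on top of prefs.js at startup, so it takes precedence.
    merged.update(parse_prefs(user_js))
    return merged.get(JAVA_PREF, "true") != "false"


# Constructed sample file contents (not taken from a real profile).
SAMPLE_DEFAULT = 'user_pref("browser.startup.homepage", "about:blank");\n'
SAMPLE_DISABLED = SAMPLE_DEFAULT + 'user_pref("security.enable_java", false);\n'
SAMPLE_USER_JS = '// enforced setting\nuser_pref("security.enable_java", false);\n'

if __name__ == "__main__":
    cases = [
        ("untouched profile", SAMPLE_DEFAULT, ""),
        ("checkbox deselected", SAMPLE_DISABLED, ""),
        ("disabled through user.js", SAMPLE_DEFAULT, SAMPLE_USER_JS),
    ]
    for label, prefs_js, user_js in cases:
        state = "ENABLED" if java_enabled(prefs_js, user_js) else "disabled"
        print(f"{label}: Java {state}")
```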