Link Details

The title is misleading. Here is a decent diagnosis about the recent browser-only vulnerability http://timboudreau.com/blog/read/The_Java_Security_Exploit_in_%28Mostly%29_Plain_English

I don't buy the "it's only in the browser" arguments. Java 7 upon its release suffered an awful, *awful* bug that with an optimization flag caused instability of the resulting code. This was as much a server-side problem as it was a client-side problem. I do, however, buy the argument that if Java was to be abandoned, it should start on the client. Everything Java originally sought to "fix" is no longer relevant. For sandboxed solutions that needed to go beyond the limitations of HTML, we've always had Flash, and Silverlight, and now HTML 5 / canvas / SVG. For solutions that break out of the sandbox, which Java is most frequently used for on the client nowadays in broad-scope solutions, one might as well go native with COM / XPCOM / chrome-native because you're already asking the user to run an insecure solution. All of these arguments regarding the client are *before* we get into the absolutely embarrassing problems that Oracle has introduced. Add that and you have a *major distributed problem on worldwide Internet scale*!! Recommendations from U.S. government was to flat out uninstall Java and never to use it again. You can't gimp such a thing as what is mass distributed in Java. But Oracle did, and will continue.

Oh, and by the way, it's still borked. http://www.informationweek.com/security/application-security/java-hacker-uncovers-two-flaws-in-latest/240146717

NaCL will put a nail in their coffin.

btw dont mind the down votes, all those are going down the hill ;-)

This is the most stupid article I have ever read. BTW who is using java applet ? Dennis Fisher ? to draw a circle ? The author is just a copy junk ! Java is used for enterprise application because it's very efficient. If you wish to talk about java, first have a look to http://www.oracle.com/us/technologies/java/overview/index.html