Mozilla Enables Click To Play for Java

Java Release 7 Update 11 (released January 13, 2013) fixes this issue.
More info here.

In response to the recent news about the major vulnerability found in Java 7 Update 10, Mozilla has enabled Click To Play for recent versions of Java on all platforms (Java 7u9, 7u10, 6u37, 6u38). This is being done automatically for users who are using Firefox 17 or newer.

The Click To Play feature ensures that the Java plugin will not load unless a user specifically clicks to enable the plugin. This protects users against drive-by exploitation, one of the most common exploit techniques used to compromise vulnerable users. Click To Play also allows users to enable the Java plugin on a per-site basis if they absolutely need the Java plugin for the site.

There is presently no word from Oracle (the makers of Java) as to when there is going to be a patch. Java 7 Update 11 was planned for release in February 2013. This is also a good time to visit the plugin check website to ensure you have the latest version of your other browser plugins.

via Mozilla Security Blog