“A new browser-based exploit for a Java vulnerability that allows attackers to execute arbitrary code on client systems has been spotted in the wild – and because of Oracle’s Java patch schedule, it may be some time before a fix becomes widely available.”
Source: Disable Java NOW, users told, as 0-day exploit hits web • The Register