For those who just want the fix, here’s how to disable the Java web browser plugin: How to disable the Java browser plugin
Recently, there have been two significant vulnerabilities identified in the Java runtime. As some of Trumpet’s applications (including Symphony Suite, Assemblage and Attach Plus) run on the Java runtime, we wanted to make sure our clients know what they can do to avoid a security issue should a user visit a malicious website that also uses the Java plug-in.
When the user visits a malicious website using their web browser, the site can cause Java code to be executed without the user giving permissions – and this code can be used to manipulate files of the user’s PC. This is a very big problem (similar to past security vulnerabilities in other browser plugins).
Java itself is not at issue – it's only when the Java plugin for the web browser is enabled.
The good news is that very few websites use the Java plug-in anymore, and you can generally disable it without significant impact to your normal browsing.
Instructions for disabling the Java plugin are outlined in the following article from Oracle: How to disable the Java browser plugin