For these users there’s no point in waiting, so we have blocked the Java plugin for them. However, people who are using Mac OS X 10.5 and older won’t get the Java update, which means they will remain vulnerable unless they update their operating system or upgrade their hardware. This bug will be fixed in Firefox 12 and we will complete the block on Mac OS X after it is released on April 24th.
This means that even if someone updates Java on Mac, Firefox will continue to say an old and vulnerable version is installed. The other one is that there’s a bug in Firefox that prevents it from reloading plugin metadata after an update. One reason is that the Apple has already patched its Java software and the Software Update application is very effective doing its job. We haven’t followed up with the Mac OS X operating system for a couple of reasons. Two weeks ago we blocked vulnerable versions of the Java plugin on Windows and some Linux distributions.