Attackers using two recently-uncovered Java “zero-days” have expanded their reach by going mainstream. The exploit’s breakout followed the addition of attack code to the notorious Blackhole exploit toolkit. Mozilla, maker of Firefox, joined the chorus of advice that users should disable the current version of Oracle’s Java. Mozilla is also ready to automatically block the plug-in from running in its browser, although it has not yet pulled the trigger. Some machines running OS X will also be vulnerable to attacks if hackers integrate the Java zero-days in Mac malware.”]