That is why I always advise users of alternate browsers like FF 1.5
and Flock to install NoScript, and temporarily allow only that (or part of that) site, that one trusts or has pre-scanned with Dr.Web’s pre-hyperlink scanner plug-in both for FF 1.5 x and Flock.
Anyone on the fact if the malicious applet still making victims,
It’s not strictly a vulnerability- or if it is, it’s a vulnerability in any browser running Sun Java- a vulnerability to 'social engineering. Apparently, Sun have made the security pop-up more intuitive since then. But users still have to avoid clicking ‘yes’ to software installs of ActiveX or Java not from legitimate sites.
I came across a page saying that the Firefox pop-up blocker can now be configured to block all such requests for software installation- useful if you have less security-aware users on your computer.