Java vulnerabilities (and the resulting patches) are often in the news. However, most of these vulnerabilities affect machines with the Java browser plugin. A machine can have Java installed and be largely unaffected by these vulnerabilities -- so long as the Java browser plugin is disabled. If you want to check that the Java browser plugin is disabled, you can review the instructions at this link: http://www.java.com/en/download/help/disable_browser.xml
For Firefox, these are the steps I used to verify that the Java browser plugin is disabled.
- From the Menu Bar, do "Tools" -> "Add-ons"
- The next page will list "Add-ons". For my machine, "Java(TM) Platform SE 6 U32 6.0.320.5" was listed. It was marked "(disabled)"
- Note that recent builds of Firefox will disable the Java browser plugin by default.
Finally, although XOWA uses Java and is a browser-based app, it does not use the Java browser plugin in any manner.
XOWA tries to control this situation in the following ways: