The browser plugin is not safe; Java itself is pretty much OK for Java applications (those that are not Internet- or browser-based (that pesky plugin).
Best bet? Go read the US-CERT notice (
http://www.kb.cert.org/vuls/id/625617) and decide for yourself, eh.
If you're using
Firefox or
Seamonkey, you want to disable the Java plugin; you do that from
Tools,
Add-ons,
Plugins and click tab next to
Java Plugin to disable it.
You can also refer to these addresses (copy-paste into your browser):
* Vulnerability Note VU#625617
<http://www.kb.cert.org/vuls/id/625617>
* Setting the Security Level of the Java Client
<http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/client-security.html>
* The Security Manager
<http://docs.oracle.com/javase/tutorial/essential/environment/security.html>
* How to disable the Java web plug-in in Safari
<https://support.apple.com/kb/HT5241>
* How to turn off Java applets
<https://support.mozilla.org/en-US/kb/How%20to%20turn%20off%20Java%20applets>
* NoScript
<http://noscript.net/>
* Securing Your Web Browser
<https://www.us-cert.gov/reading_room/securing_browser/#Safari>
* Vulnerability Note VU#636312
<http://www.kb.cert.org/vuls/id/636312#solution>
Hope this helps some.