I disabled Java in IE, Chrome and Firefox a couple of hours ago just in case, thought it's better after all...but I didn't block Java completely (from def+ as suggested), as I still want java to check automatically for updates and get the patch when it's there. This said I'm pretty sure NS would protect me in Firefox, but I use Chrome a lot atm...I'll try to check what they say on NS forums...