I recently read about the Oracle Java 7 Security Manager Bypass Vulnerability published by the United States Computer Emergency Readiness Team. As I understand it, vulnerabilities have been discovered which could allow a sandboxed application to promote itself in privileges to be able to access files and resources outside of the sandbox - such as accessing your files or internet communication. US-CERT Vulnerability Note VU#636312 advises disabling or removing completely the Java runtime environment so that web browsers cannot launch Java.
While I understand and am concerned about the security threat, I am also concerned about the impact of disabling or removing the Java runtime environment. In my simple tests I found that web pages and resources ceased to function fully for need of the appropriate Java runtime.
It appears that Oracle can or will release a security update that may address at least part of this threat but questions remain: What would the impact be if Java is uninstalled altogether? How would this likely affect web use? What about the Lotus Notes Components that make use of Java?
I am still trying to wrap my head around this and would appreciate any information that you think may help me or others who may read this post.