After news broke on Thursday that a new Java 0-day vulnerability had been discovered, and was already being included in multiple popular exploit kits, two new important tidbits have come in on Friday.

An Oracle executive has promised to "fix" problems with Java that have left Web sites running the Java plugin vulnerable to malicious hackers and resulted in some high-profile security breaches.