Zero-day vulnerabilities are less of a problem than the old-ones since many people use the older, vulnerable versions of the software. In february 2013 Oracle ended support for Java 6 which means no more security fixes. Despite the fact, this version is widely deployed and still used by more than 50% users. Users should either disable Java in their browsers or update it to the latest version.