Is there any way of working around Citibank's Citidirect forcing usage of a vulnerable Java Runtime Environment, as described in my posting on Full Disclosure?
When Java 5 was still supported, installing two versions of Java did the trick - Citidirect worked with an unsupported version as long as the supported old version was also installed. Only the latest version of Java files were open, so I think it was secure. But it does not work with Java 6.
Maybe there's a way of limiting the Java plugin to one domain, for example citibank.com? Java is not needed for anything else. My users have Windows XP Professional and use Internet Explorer 8 as a browser.