According to several sources, there is a critical security flaw in all versions of Oracle Java that was discovered in September, that Oracle is declining to fix until February. There are no known actual exploits using it, but still... many security sites are recommending that users disable Java in their web browsers because of this.
Some sites with technogeek info about the issue are: SANS.org @RISK: The Consensus Security Vulnerability Alert, Kaspersky Lab's ThreatPost, and SecList.org's Full Disclosure.
What I find depressing about this isn't that there is a found security flaw, but that Oracle is refusing to fix it. Reportedly, their stated reason is that the report came too late for them to include the fix in their most recent update and that it would take months of research, development and testing to prove a fix. Yet the guy who found and reported the issue to them included a fix in his report, a fix that he said took him about a half hour to code and prove.
In Firefox, it's a Plugin accessed via the AddOns section. Just click on the Firefox button and select AddOns, then Plugins and locate Java(TM) Platform and disable it.
In Chrome, type chrome:plugins into the address bar, scroll down and click the Disable link for Java.
In Internet Explorer 9, click on Tools, Manage Add-Ons, select Java(TM) SSV Plugin and disable it. If there are more than one and the other(s) do not automatically also disable, disable those too.
Note that this may brake some web pages. There are many legitimate reasons to have Java in web pages. If disabling Java in your browser does break things you regularly use, you can re-enable it by going back to where you disabled it and enable it again.