In the few weeks since this thread started, Mozilla is now blocking in-browser Java outright, yes?
OP, have you ever been "bitten by" Java, or had malware injected onto your system via a Java vulnerability?
(Not asking you to list them, but) I'm wondering what sites you visit which require use of Java?
I've had Java disabled in-browser since way back in 2005(?) and can't say I've ever missed it, er, don't know what I've missed out by not having it available.
I do have JRE installed to a sandboxie container. Several graphics applications that I've used depend on its availability.
I've never personally been bitten by malware employing a Java vector, but prior to disabling it in-browser, I came "yay close to being bitten" -- proxomitron rules thwarted redirection and /or loading of the injector embed object.
Along with Java, I block Silverlight, RealPlayer, and similar proprietary devices. I don't regard them as being inherently evil, though. I just don't want to expose myself to the potential grief their ongoing vulnerabilities invite. IMO, the most dangerous (and maybe I'd even label it as "evil") current aspect of web-centric computing is "dot net" (.Net) ... with NaCL (native client) on the horizon, as a close second.
Flash extension remains installed in my Firefox browser. FlashBlock browser addon suits me fine.
Probably the only thing I've blocked, and occasionally "miss" is Shockwave... or the ol' Macromedia Director.
We had some wonderful freeware and shareware games which utilized Director.