Check in add-ons. There've been vulnerabilities in Java prior to J7u13, and Firefox has been disabling the plugins for the vulnerable versions. There's nothing the updater maintainer can do, since this is entirely within the browser.
"Hey! I'm not illiterate. I had a book once. ...could've used some ketchup though..."