Some Java-related security problems are vulnerabilities in Oracle's implementation. But the major problem is with Java itself. Much Java code is simply very bad, and attackers can exploit weaknesses to take over a machine. Java's vaunted "sandbox" is nothing of the sort.

Adobe has deprecated Flash for Linux. The last new player binary was released I think a year ago. Adobe still provides security updates for it, but no one knows how long this will continue. Meanwhile, as the player ages, it falls farther and farther behind.

HTML5 is not a direct replacement for Flash. Web sites will have to modify their multimedia content so that it can be delivered via HTML5. Because HTML5 doesn't rely on a binary plugin, it has less of an attack footprint than Flash.

> I have FireFox installed from just a repository [...]

For newer versions of Firefox (like Firefox 36), the new "official" PPA for Kubuntu is:
https://launchpad.net/~moz-plasma

There's more information in
https://www.kubuntuforums.net/showth...lasma-team-PPA

Necroposting?

I've searched for this subject in Google, which showed this thread (where I previously wrote, BTW), and it's good that people that come there see which is the more actual thread of kubuntuforums.net about this subject :-)