No matter what we do to the browser's TLS implementation, this attack would still be possible via Java, because Java has its own TLS implementation.

We are already working on proactively mitigating any improvements on the BEAST attack that could be made to work using native browser features that would be affected by changes to our TLS implementation. But, right now, there are no known ways to implement the attack using built-in browser features.

There may indeed be other vectors for an attack that use built-in browser features. However, some characteristics of how the browser manages connections and how it formats HTTP requests would defeat most (all, as far as we know at this time) variations of the attack that use built-in browser features.

An applet cannot steal the cookies directly but it could cause the JVM to send the cookies in HTTPS requests on its behalf.

The applet doesn't have to guess anything with the Java-based attack.

Implementing that workaround in the browser will not help when the attacker users Java, because the Java Plugin does not use the browser's TLS implementation; it uses its own.

An Oracle engineer is the one that came up with that technique for interfering with the exploit.

We are going to implement it. I am finalizing the patch now.