Phase:The URLConnection function in MacOS Runtime Java (MRJ) 2.1 and earlier and the Microsoft virtual machine (VM) for MacOS allows a malicious web site operator to connect to arbitrary hosts using a HTTP redirection, in violation of the Java security model.
ReferencesBUGTRAQ:Friday, June 09, 2000 Security Holes Found in URLConnection of MRJ and IE of Mac OS (was Re: Reappearance of an old IE security bug) | URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0056.html | BUGTRAQ:Saturday, May 13, 2000 Re: Reappearance of an old IE
Votes:Proposed (Wednesday, July 12, 2000)
Comments: ACCEPT(2) Ozancin, Levy | MODIFY(1) Frech | NOOP(2) Christey, Wall | REVIEWING(1) LeBlanc
F7: Christey> Confirmed by Scott Culp, but this only applies to | outdated/unsupported versions of the JVM. | Frech> XF:macos-java-security-ignored(5052) | Christey> Consult with Microsoft to ensure that this is fixed by | MS:MS00-059. If so, then this might not just be in MacOS.