AOL Corporate Communications Information for VU#32231

Netscape Java Security Manager fails to prevent URLConnections through netscape.net.URLConnection Class

Status

Affected

Vendor Statement

Netscape takes all security issues very seriously, and we are working to quickly evaluate and address this concern. If the reports are accurate, we plan to make a patch available, but in the interim, users can protect themselves by simply turning off Java.

Users can also visit http://www.netscape.com/security to get the mostup to date information on a patch, and its availability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

Systems running Netscape Communicator version 4.04 through 4.74 with Java enabled. Netscape 6 is unaffected by this problem.

If you have feedback, comments, or additional information about this vulnerability, please send us email.