--- a/ChangeLog	Tue Jul 30 14:33:17 2013 +0200
+++ b/ChangeLog	Tue Jul 30 09:41:12 2013 -0400
@@ -1,3 +1,8 @@
+2013-07-30  Andrew Azores <aazores@redhat.com>
+	* netx/net/sourceforge/jnlp/runtime/RhinoBasedPacEvaluator.java:
+	(getProxiesWithoutCaching) added java.vm.name read permission to fix
+	Rhino parsing and PAC proxy configuration
+
 2013-07-30  Jiri Vanek  <jvanek@redhat.com>
 
 	* tests/reproducers/simple/simpletest1/resources/favicon.ico: new file

--- a/netx/net/sourceforge/jnlp/runtime/RhinoBasedPacEvaluator.java	Tue Jul 30 14:33:17 2013 +0200
+++ b/netx/net/sourceforge/jnlp/runtime/RhinoBasedPacEvaluator.java	Tue Jul 30 09:41:12 2013 -0400
@@ -48,6 +48,7 @@
 import java.security.Permissions;
 import java.security.PrivilegedAction;
 import java.security.ProtectionDomain;
+import java.util.PropertyPermission;
 
 import net.sourceforge.jnlp.util.TimedHashMap;
 
@@ -124,9 +125,15 @@
 
         EvaluatePacAction evaluatePacAction = new EvaluatePacAction(pacContents, pacUrl.toString(),
                 pacHelperFunctionContents, url);
+
+        // Purposefully giving only these permissions rather than using java.policy. The "evaluatePacAction"
+        // isn't supposed to do very much and so doesn't require all the default permissions given by
+        // java.policy
         Permissions p = new Permissions();
         p.add(new RuntimePermission("accessClassInPackage.org.mozilla.javascript"));
         p.add(new SocketPermission("*", "resolve"));
+        p.add(new PropertyPermission("java.vm.name", "read"));
+
         ProtectionDomain pd = new ProtectionDomain(null, p);
         AccessControlContext context = new AccessControlContext(new ProtectionDomain[] { pd });