netscape4.5-nsform.tmp.txt

1999-08-17T00:00:00
ID PACKETSTORM:12251
Type packetstorm
Reporter SKYLAB.ORG
Modified 1999-08-17T00:00:00

Description

                                        
                                            `02-FEB-99 - http://www.skylab.org/netscape/index.html  
  
Yet another browser bug was found late last week. This time in  
Netscape's Communicator 4.5.  
  
The problem appears with the way Netscape handles forms. In many cases,  
the browser will store data entered on a FORM in C:\WINDOWS\TEMP in a  
NSFORM*.TMP file. This file is supposed to be deleted when its use is  
completed. Unfortunately, this does not happen and the file is left in the temp  
directory for prying eyes to see.  
  
Depending on the site you are visting and the nature of the form, you could  
uknowingly reveal everything from your phone number and address to your  
credit card and Social Security number.  
  
The only solution? Other than avoiding forms altogether, the only option is to  
scan the temp directory and manually delete the NSFORM*.TMP file. It is  
expected that the final release of Netscape Communicator 4.51 will resolve  
the issue. At this time, however, the 4.51 beta has the same problem.  
  
Here is an example of NSFORM*.TMP's content when opened with a  
text-editor:  
  
  
Date: Wed, 03 Feb 1999 21:34:01 -0800  
From: John Doe   
X-Mailer: Mozilla 4.5 [en] (Win98; I)  
X-Accept-Language: en  
MIME-Version: 1.0  
To: info@website.net  
subject%3Dcontactme:   
Subject: Form posted from Mozilla  
Content-type: text/plain  
Content-Disposition: inline; form-data  
  
Firstname=John   
Lastname=Doe  
Address1=123 NE Main Street  
City=New York  
State=NY  
Zipcode=01102   
Homephone=206-123-4567  
Workphone=   
206-345-6789< A  
href="mailto:UserEmail=  
jdoe@email.org">  
UserEmail=  
jdoe@email.org  
MessageType=emailme  
Subject=Customer Service Request  
SubjectOther=  
Comments=I have been a long time customer of your company, and  
until today-- always satisfied... blah blah blah. More writing.  
And more and more... blah blah blah.  
  
As you can see, a lot of information can be extracted from an unsuspecting  
user's computer. The above example is just the tip of the ice-berg so to  
speak.  
`