`02-FEB-99 - http://www.skylab.org/netscape/index.html
Yet another browser bug was found late last week. This time in
Netscape's Communicator 4.5.
The problem appears with the way Netscape handles forms. In many cases,
the browser will store data entered on a FORM in C:\WINDOWS\TEMP in a
NSFORM*.TMP file. This file is supposed to be deleted when its use is
completed. Unfortunately, this does not happen and the file is left in the temp
directory for prying eyes to see.
Depending on the site you are visting and the nature of the form, you could
uknowingly reveal everything from your phone number and address to your
credit card and Social Security number.
The only solution? Other than avoiding forms altogether, the only option is to
scan the temp directory and manually delete the NSFORM*.TMP file. It is
expected that the final release of Netscape Communicator 4.51 will resolve
the issue. At this time, however, the 4.51 beta has the same problem.
Here is an example of NSFORM*.TMP's content when opened with a
Date: Wed, 03 Feb 1999 21:34:01 -0800
From: John Doe
X-Mailer: Mozilla 4.5 [en] (Win98; I)
Subject: Form posted from Mozilla
Content-Disposition: inline; form-data
Address1=123 NE Main Street
Subject=Customer Service Request
Comments=I have been a long time customer of your company, and
until today-- always satisfied... blah blah blah. More writing.
And more and more... blah blah blah.
As you can see, a lot of information can be extracted from an unsuspecting
user's computer. The above example is just the tip of the ice-berg so to